Description of the first login to the MikoPBX web-interface
First login to the MikoPBX system
Go to the MikoPBX installation console, remember the IP address that your PBX received.
MikoPBX IP address for connecting to the WEB interface
Enter the received MikoPBX IP address in the web browser. The authorization page will be displayed. Log in using the default credentials:
Use the following default credentials for the first login to the MikoPBX web interface:
Username: admin
Password: admin
After successful authorization, MikoPBX will automatically open the settings for changing the password:
For more information about the General Settings, see the section.
After changing the password, the system will be fully operational. It is recommended to immediately configure the firewall rules. You can read about how to do this by following .
Standalone Computer
In this article you will find instructions on how to install MikoPBX on a separate computer.
MikoPBX supports installation on a standalone computer. There are two installation methods:
Live USB — writing the image to a flash drive and then installing it onto another disk.
Bootable USB — installing the system directly onto the USB drive itself, allowing you to boot and run the system from it.
This section provides image writing instructions for all supported operating systems (Windows, MacOS, Linux).
System requirements
Discription of system requirements for the MikoPBX system
Network Channel Requirement
An example of calculating the required channel bandwidth for different codecs for 30 simultaneous calls. PBX supports the most popular codecs:
G.711 - 4.67 Mbps
MikoPBX Manual
Description of MikoPBX and the sections you can find in the documentation. Introduction to the documentation.
Foreword
Welcome to the MikoPBX documentation resource! Here you can find step-by-step instructions related to interacting with the MikoPBX PBX system. For your convenience, the documentation is organized into sections - just like in the web interface, making it very easy to navigate.
Thank you for choosing MikoPBX! ❤️
GSM - 1.68 Mbps
G.722 - 4.67 Mbps
G.729 - 1.38 Mbps
The calculation is approximate, when using the same codec on all devices connected to the PBX. Read more here.
Minimum system requirements
We recommend using two hard drives for PBX deployment.
800 Mb hard disk for the main system
A 50+ Gb hard drive for recording conversations
1 (2 cores) x86-64 processor
2 GB of RAM
Network Adapter
A PC with such parameters, in our tests, holds 38 simultaneous incoming calls under the conditions:
10 agents are connected to the queue (all online)
Every second a new call comes in
Music (MOH) is played to the client while waiting
Modules on the PBX is not installed
Approximately, 1 hour of conversation takes up 14MB of disk space. The recommended size for the disk storing call recordings is at least 50 gigabytes.
Installation by writing the image to a USB drive (Live USB)
Installing the system directly onto a USB drive (Bootable USB)
MikoPBX is a free telephony server with its own operating system and a simple, user-friendly web interface. It works with virtually any telephony technology in the world.
MikoPBX Interface
MikoPBX is a fully modular interface for Asterisk, written in PHP and JavaScript. This means that you can implement absolutely any additional Asterisk telephony functionality within MikoPBX. Moreover, if you develop a useful module, you can place it in the public repository and make it available to all MikoPBX users. Additionally, MikoPBX has very low hardware requirements:
Simultaneous Calls
Minimally Recommended Configuration
5 - 10
1 GHz x86-64, 512 MB RAM
Up to 25
3 GHz x86-64, 1 GB RAM
Over 25
2 CPUs 3 GHz x86-64, 2 GB RAM or more
Where to Start?
To get started, you should install MikoPBX using any method convenient for you. Below are installation options. By clicking on their names, you can access detailed articles:
After installation, you can begin exploring your PBX system. The "User Guide" documentation will help you with this, providing detailed information about specific sections:
Module Management – this section provides a detailed explanation of how to install and manage modules.
Documentation on Specific Modules – in this section, you'll find detailed descriptions of each module, as well as steps for configuring and using them.
FAQ Section
In this section, you can find answers to your questions and solutions that will help you expand the functionality of basic features. This section, like the main documentation, is divided into categories for easy navigation.
If you have a question that isn't covered here, you can seek assistance in the Telegram Community, where MikoPBX users help each other resolve issues and needs related to the PBX system.
Virtual Machine
In this article you will find instructions on how to install MikoPBX using various virtual machines.
MikoPBX supports installation using many virtual machines. In this section you can find detailed instructions for them. Click on an item in the list below to go to the instruction for a specific virtual machine:
Cloud
In this article you will find instructions on how to install MikoPBX using various cloud services.
MikoPBX supports installation via many cloud services. In this section you can find detailed instructions for them. Click on an item in the list below to go to the instruction for a specific virtual machine:
The "Host system" must run on Linux 5+. Tested on Debian 11, Ubuntu 21.04, and Ubuntu Server 22.04 LTS.
MikoPBX can be run in Docker using two main methods. The first method involves running the container directly using a Docker command with the necessary parameters. The second method involves using Docker Compose, which simplifies managing multi-container applications and allows the entire configuration to be described in a yaml file, making the deployment and maintenance of the system more convenient.
Telephony
Description of the MikoPBX telephony section
The "Telephony" chapter in the MikoPBX documentation contains detailed information and instructions related to setting up and using telephony in the system.
Extensions in MikoPBX are individual users of the system who are assigned internal numbers for making and receiving calls. They have personal accounts that allow you to configure access rights, call forwarding and other personal settings in the system.
In this article, you will find detailed documentation on adding new employees to the station, setting up their rights and profiles. In addition, information about their additional parameters.
Call queues
Call queues in MikoPBX are a feature that allows you to distribute incoming calls between a group of operators, holding calls in a queue until an operator becomes available. This ensures efficient management of a large call flow and improves customer service.
In this article, you will find detailed documentation on creating and configuring such queues.
IVR Menu
IVR menu in MikoPBX is an interactive voice menu that allows callers to interact with the phone system by pressing keys or using voice commands. It automatically routes calls to the right departments or employees, improving call handling efficiency and customer service.
In this article, you will find documentation on creating and configuring an IVR menu.
Conferences
Conferences in MikoPBX are a feature that allows you to organize group phone calls with multiple participants at the same time. It allows you to hold group discussions, meetings and appointments over the phone, improving communication both within the company and with external partners.
In this article, you will find documentation on creating and configuring conference rooms.
Sound files
Sound files in MikoPBX are audio recordings that are used by the system to play various messages, such as greetings, announcements, IVR menu instructions or waiting signals. They allow you to personalize the audio content that callers hear, improving interaction with the system and providing the necessary information.
In this article, you will find detailed information about them, as well as how to add and edit them.
Call detail records (CDR)
Call detail records in MikoPBX is a log that stores information about all incoming and outgoing calls through the system. It provides detailed data about each call, including time, duration, participant numbers and status, which allows you to analyze communications and optimize the operation of the company's telephone network. In this article, you will find information about storing call records and their filters.
Call Routing
Description of the MikoPBX routing section
The "Call Routing" section in MikoPBX is an interface for configuring call direction rules within the telephone system. Here, administrators can determine how to handle incoming and outgoing calls by setting conditions and routes for efficient distribution of calls among employees, departments, or external lines.
Telephony providers in MikoPBX is the system section where connections to external communication operators are configured via internet protocols for IP telephony. Here, administrators can add and configure SIP trunk accounts or other types of connections that allow the system to make and receive calls to and from landline and mobile numbers.
In this article, you will find detailed documentation on connecting providers to the system, their configuration, and features.
Incoming Routes (Incoming Routing)
Incoming Routing in MikoPBX are a set of rules that define how the system handles incoming calls from external telephony providers. With them, administrators can set call directions based on various conditions such as the caller's number, time of day, or the specific number the call was received on. This enables automatic distribution of incoming calls to specific employees, departments, IVR menus, or call queues. Configuring incoming routes helps optimize call handling and improve customer service quality by providing flexible and efficient management of the company's telephone communications.
In this article, you will find detailed documentation on configuring incoming routing.
Outgoing Routes (Outbound Routing)
Outgoing Routes in MikoPBX are a set of rules and settings that determine how the system handles outgoing calls from employees to external numbers. With them, administrators can manage call direction through various telephony providers or communication lines based on certain conditions such as the dialed number, prefixes, time of day, or user access rights. This helps optimize communication costs, distribute load between channels, and implement security policies by restricting or allowing certain types of calls. Configuring outgoing routes provides flexibility and control over outgoing telephone communication, contributing to the effective operation of the company's communication system.
In this article, you will find detailed documentation on configuring outgoing routing.
Off-Work Time (Night and Holiday Switch)
Off-Work Time in MikoPBX is a tool for setting up call handling rules during periods when the company is not operating, such as at night, on weekends, or on holidays. With it, administrators can define how the system will handle incoming calls during off-hours: redirect to voicemail, play special voice messages, or forward calls to the mobile numbers of on-call staff. This allows for proper interaction with clients outside of working hours and maintains a high level of service.
In this article, you will find detailed documentation on setting up off-work time for your system.
PBX update
This article contains step-by-step instructions for updating MikoPBX to a newer version.
Before updating, be sure to back up your PBX settings using the backup module.
Google Cloud
MikoPBX Installation Guide using Google Cloud
Installing MikoPBX in Google Cloud can be done in two ways: using an image from the Google Cloud Marketplace or from an image based on a file uploaded from the MikoPBX distribution. The first method provides quick and easy deployment of the standard version of MikoPBX, while the second is suitable for intermediate releases.
Time Settings
In this subsection, you can configure the clock and calendar settings.
You need to set the time zone correctly to ensure accurate system time display. If the time zone is not set, notifications and call history will be recorded with incorrect timestamps.
To configure the time zone, go to the "System" section and select "Time Settings":
"Time Settings" section
There is an option to set the time "manually" without using an NTP server. However, whenever possible, we recommend using automatic time synchronization.
To manually set the time, toggle the switch "Adjust the time manually."
AWS
MikoPBX Installation Options Using AWS
The simplest way to install MikoPBX is by deploying a ready-made image from the AWS Marketplace. If you wish to launch a custom version of MikoPBX, please refer to the detailed instructions where we describe step-by-step how to create an AMI image from any MikoPBX distribution.
Connecting to the PBX using SSH
Overview of methods for connecting to a PBX using SSH
SSH (Secure Shell) is a protocol used for secure remote connections and server management. It allows you to run commands, transfer files, and administer systems through an encrypted channel. SSH protects your data from interception by providing authentication and encryption between the client and the server. It is a primary tool for developers, system administrators, and DevOps engineers when working with remote machines.
SSH connection
Below are three different methods for connecting to MikoPBX via the SSH protocol:
Password-based connection using third-party applications (this article uses PuTTY as an example)
Key-based connection, demonstrated with examples on Windows, Linux (MacOS)
Connection using Google Secure Shell Extension.
Conferences
Creating and configuring conferences in MikoPBX
Conference calling is used for conducting group discussions, meetings, or negotiations in cases where participants are unable to meet in person. It is also used when a particular matter needs to be discussed with multiple participants simultaneously.
Create conference rooms
The list of conference rooms is located in the "Telephony" -> "Conferences section".
To create a new conference room, click the "Add conference
Sound files
Adding/Creating Audio Files in MikoPBX
Uploading a sound file to the PBX
Supported file format .mp3 and .wav
Call detail records (CDR)
How to view and filter call history in MikoPBX
Call History provides a log of all incoming, outgoing, and internal calls. It is located under "Telephony" -> "Call History".
Benefits
The Call History feature in MikoPBX enables users to:
Night and Holiday Switch
Setting up non-working time rules
"Off-hours" in MikoPBX is a tool for setting up call processing rules during periods when the company is not working, such as at night, on weekends or holidays. With its help, administrators can determine how the system will handle incoming calls during off-hours: forward to an answering machine, play special voice messages or forward calls to the mobile numbers of on-duty employees. This ensures correct interaction with customers outside of working hours and maintains a high level of service.
Creating a rule
To add a new rule, click on the "Add Time Interval" button.
Reboot
Description of section functions
Rebooting the station via the MikoPBX interface
The system shutdown/reboot menu can be found in MikoPBX by clicking on "Reboot" in the "Maintenance" section.
When you open the page, a list of active calls to the PBX will be displayed. The start date of the call is displayed, from whom and to whom the call.
Updating from the MikoPBX console
Update option from MikoPBX console
Below is an example of a PBX installed on a VirtualBOX virtual machine, updated from version 2023.1.223 to version 2023.2.206.
Download the iso image of the required PBX version from the .
In VirtualBOX, open the settings of the virtual machine where the PBX is installed.
Go to the Storage section.
Select the virtual optical drive.
Click the icon in the Attributes group, and click Choose Disk File.
Select the downloaded PBX iso image.
Start the machine.
The console will display the line "The system loaded in Recovery mode".
Select Install / Repair (or press the number
System
Description of the "System" section in MikoPBX
The "System" section in MikoPBX is the interface for managing general settings and parameters of the telephone system. Here, administrators can configure core system parameters, manage updates, date, and other functions that ensure stable and secure operation of MikoPBX. This section allows you to control and optimize the system's operation at the entire infrastructure level.
General settings
In the "General settings" section of MikoPBX, administrators can manage the main system parameters, such as call recording retention settings, notifications, log parameters, voice prompt language, and many other system options. This section provides control over general functions and behavior of MikoPBX, allowing you to optimize the system's operation according to the organization's needs.
Maintenance
Description of the Maintenance section in MikoPBX
The Maintenance section of MikoPBX is an interface for managing the technical aspects of the system and ensuring its stable operation. Here, administrators can perform tasks on data backup and recovery, software updates, system status monitoring, and event log management. This section helps maintain the functionality of the telephone system, promptly detect and eliminate possible problems.
PBX update
The "PBX update" section in MikoPBX is an interface for managing system software updates. Here, administrators can check for new versions, install updates, and view the change history. Regular use of this section ensures that MikoPBX is up-to-date, secure, and stable.
Network and Firewall
Description of the Network and Firewall section in MikoPBX
The "Network and Firewall" section of MikoPBX is an interface for configuring network settings and managing the system's firewall. Here, administrators can configure IP addresses, network interfaces, and create firewall rules to protect the system from unauthorized access. This section ensures the secure and stable operation of MikoPBX in the organization's network infrastructure.
Network interface
The "Network Interface" section in MikoPBX is an interface for configuring the system's network connection parameters. Here, administrators can manage IP addresses, subnet masks, gateways, and other network settings for each network interface. This allows MikoPBX to be correctly integrated into the organization's network and ensure its stable operation in accordance with the requirements of the network infrastructure.
Anti brute force
This section is used to configure Fail2ban
Fail2ban is enabled together with the Network Firewall switch in the "Network and Firewall" → "Firewall" section.
Fail2ban blocks IP addresses with abnormal activity. When there is a failed authentication attempt, information about the error will be logged in the PBX. Fail2ban analyzes all failed attempts and keeps track of them. When the number of failed attempts exceeds the maximum allowed authentication attempts, the IP address is banned. Fail2ban is capable of slowing down the rate of failed authentication attempts.
Please note that Fail2ban will not help with the use of simple passwords.
Transfer Using Backup
A method to transfer MikoPBX to another host using backup
This method involves creating a backup of your current MikoPBX configuration, transferring it, and restoring it on the new server. It’s simple to implement and suitable for small systems. This approach is convenient for users with minimal technical experience.
First, create a backup of your previous system. You can find detailed instructions in .
Select the data you want to transfer and wait for the process to complete.
Installation on MDADM RAID1
Preparation
WARNING: All data on the disks will be erased.
Docker installation and creating a user and directories
Preparation guide for MikoPBX using Docker
Installing Docker and Docker Compose on Ubuntu 22.04
Before working with Docker, you need to install Docker and Docker Compose themselves. Here's how to do it:
Modules
Description of the Modules section in MikoPBX
The "Modules" section in MikoPBX is an interface for managing additional functional components of the system, which includes two subsections: "Module Management" and "Dialplan Applications".
Managing these subsections allows you to configure MikoPBX as flexibly and efficiently as possible, expanding the functionality of the telephone system and adapting it to the unique requirements of the organization.
Registration in the modules marketplace
Change the login name
When a new is added to the PBX, a SIP account with a numeric internal number is created on the PBX. In some cases, for security reasons, it is necessary to change the name for authorization of this employee.
When configuring SIP Clients, you can often see two key parameters:
Username - usually equal to the account ID, in the case of MikoPBX equal to the internal number
Auth name - username for authorization. In the case of MikoPBX is equal to the internal number
Migrating MikoPBX to Another Server
Overview of methods for transferring MikoPBX to another server
There are several ways to transfer MikoPBX to a different host (server). Each method has its advantages and special considerations. Below is a brief overview of each option, and you can refer to the detailed guides in this section.
Option #1: Transfer Using Backup
Description:
A backup of the current MikoPBX configuration is created and then uploaded to the new server. This method is suitable for smaller amounts of data.
Docker installation and creating a user and directories
Commands to install Docker and Docker Compose and configuration before creating the container
Running MikoPBX in a container
Instructions for running a ready-made MikoPBX container, creating a container from a custom image, and running it
Running MikoPBX using docker compose
Instructions for running multiple MikoPBX instances on a single host using Docker Compose
The "Time Settings" section in MikoPBX is an interface for configuring system date and time parameters. Here, administrators can set the current date and time, choose a time zone, and configure synchronization with Network Time Protocol (NTP) servers. Correct date and time settings are important for accurate event logging, call logs, and the operation of schedule-dependent functions, ensuring system synchronization with other network devices and services.
Mail settings
The "Mail settings" section in MikoPBX allows you to configure sending system notifications via email. Here, administrators specify SMTP server parameters, define events for notifications, such as voice messages or system errors, and edit email templates. This section helps to timely inform users and administrators about important events, ensuring effective control over the system's operation.
Asterisk Manager Inteface (AMI)
The "Asterisk Manager Inteface (AMI)" section in MikoPBX is an interface for configuring access to the Asterisk Manager Interface (AMI). Here, administrators can manage AMI connection parameters, such as enabling or disabling access, specifying login credentials for authentication. Configuring AMI access allows external applications or scripts to interact with the MikoPBX system for monitoring and managing calls, expanding the telephone system's functional capabilities.
System files customization
The "System files customization" section in MikoPBX provides administrators with the ability to directly modify or supplement the system's standard configuration files. Here, you can make individual settings that are not available through the standard web interface and adapt the system's behavior to the specific requirements of your organization.
This section is intended for advanced users who have a deep understanding of the structure and operation of MikoPBX. With its help, you can:
Edit configuration files: Make changes to existing files or add new parameters.
Override standard settings: Change default values for certain functions or modules.
Add your own scripts or modules: Expand the system's functionality by integrating custom solutions.
It is important to note that incorrect modification of system files can lead to unstable operation or system failures. Therefore, it is recommended to create backups before making changes and to carefully check the correctness of the settings.
The "System log entries" section in MikoPBX is a tool for monitoring and analyzing the status of the telephone system. Here, administrators can view event logs, check the status of various services and system components, and test connections and calls. Using this section helps to promptly detect and eliminate technical problems, ensuring stable and efficient operation of MikoPBX.
Reboot
The "Reboot" section in MikoPBX is an interface for securely managing the state of the telephone system via the web interface. Here, administrators can reboot the system to apply new settings or shut it down gracefully for maintenance. Using this section prevents possible errors and ensures stable operation of MikoPBX. In addition, the possibility of rebooting via the console will be discussed.
The "Firewall" section of MikoPBX is an interface for configuring the system's firewall. Here, administrators can create and manage network traffic filtering rules, controlling access to MikoPBX and protecting it from unauthorized access and network threats. Configuring the firewall ensures the security of the telephone system, preventing potential attacks and ensuring stable operation in the organization's network infrastructure.
Anti brute force (Fail2Ban)
The "Anti brute force (Fail2Ban)" section in MikoPBX is a tool for ensuring system security from unauthorized access and network attacks. Fail2Ban monitors event logs and automatically blocks IP addresses that make suspicious or repeated failed login attempts. Setting up this section helps prevent system hacking and protect the organization's confidential data.
Registration in the MikoPBX Marketplace does not affect the basic functionality of the system. You can use MikoPBX to work with calls without registration and installation of additional modules. However, we recommend that you go through the registration procedure in the marketplace to get the opportunity to expand the functionality of the system.
Registration will give you access to additional modules and extensions.
Module management
Module management in MikoPBX is an interface for managing additional system components that expand its functionality. Here, administrators can install, update, enable or disable modules, adding new features or integrations with external services. This section allows you to adapt the system to the specific needs of the company, ensuring flexibility and scalability of the telephone network.
Application dialplans
MikoPBX dialplan applications are a set of tools that allow you to set up individual call processing scenarios within the system. With their help, you can define a sequence of actions that the system will perform when a call is received or made. This may include redirecting a call to a specific extension, playing special audio messages, requesting additional information from the caller, or performing other functions.
Using dialplan applications, you can flexibly customize the logic of the telephone system to the needs of your business without delving into complex programming. This makes it easier to create complex call processing scenarios, allowing you to improve the efficiency of communications and improve the level of customer service.
Requires intermediate storage for the backup (e.g., local disk or cloud).
Option #2: Transfer Using SFTP and Scheduled Backups
Description:
A backup is automatically created and saved directly to the target server via the SFTP protocol. This method is especially effective for large amounts of data.
Pros:
Suitable for large amounts of data.
Minimizes manual actions.
Provides direct data transfer between servers.
Considerations:
Requires SFTP configuration on both servers.
Needs correct SSH user settings for proper operation.
Option #3: Transfer Using rsync
Description:
The rsync command is used to directly synchronize data between the old and new servers. This method is convenient for experienced users.
Pros:
Fast synchronization, even for large data volumes.
Preserves access rights and directory structure.
Does not require creating intermediate backups.
Considerations:
Requires basic command-line knowledge.
Possible errors if configurations (e.g., paths) are incorrect.
Both servers must be accessible on the network at the same time.
Run the following command in the console to display disk names:
The disk names will be displayed. In this example, the disk names are:
Clear the superblocks on the disks:
Clean the old metadata:
Create the RAID1 array:
When prompted with "Continue creating array?", confirm by entering "y".
You can now proceed with the installation as per the installation guide. When selecting the disk during installation, choose md0.
Grub
TODO: You may need to modify the grub.cfg file. Otherwise, there is no guarantee that the system will boot if one of the disks fails.
Creating a user and directories on the host system
Before creating the container on the host machine, it's necessary to create a user and group with limited permissions, as well as a folder for storing configuration settings and call recordings
Useful commands
Command to connect to the PBX console:
Command to connect to the PBX console menu:
Connecting to sngrep for SIP analysis
# Update package list and install required dependencies
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
# Add the GPG key for Docker's official repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# Add Docker's repository to the APT sources list
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# Install Docker CE
sudo apt update
sudo apt install docker-ce
# Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
# Verify Docker Compose version
sudo docker-compose --version
# Creating a new user (e.g., www-user) without superuser rights
sudo adduser --disabled-password --gecos "" www-user
# Creating directories for data storage
sudo mkdir -p /var/spool/mikopbx/cf
sudo mkdir -p /var/spool/mikopbx/storage
# Granting the created user ownership of the directories
sudo chown -R www-user:www-user /var/spool/mikopbx/
sudo docker exec -it mikopbx sh
sudo docker exec -it mikopbx /etc/rc/console_menu
sudo docker exec -it mikopbx sngrep
".
"Add conference" button
You must specify the name of the conference and its internal number, by calling which you can enter this conference
New conference room parameters
To prevent unauthorized access to the conference by employees for whom the discussion is not intended, you can secure the conference room with a password. To do this, fill in the "Conference Pin" field. Only digits can be entered in this field, with a minimum requirement of at least one digit.
Conference PIN field
In this case, to join the conference, employees will need to enter the PIN code after dialing the conference PIN.
Characteristics of conference calling include:
Communication is conducted solely through voice (no other means of information transmission besides speech are provided).
All participants can speak and hear each other simultaneously, ensuring duplex communication.
Participants use telephones (hardware or software) for communication.
Usage:
Each participant dials the conference number. The first participant hears hold music until at least one more participant joins the conference. An employee can transfer their caller into the conference by using specific key combinations on their phone. Transfers can be made to both internal and external numbers. The key combination for transfers is set in the System -> General Settings -> Call Transfers section.
Example: An employee dials the combination **1111 (the combination for unconditional transfer), and their caller joins the conference as its first participant. The call is completed for the transferring employee, and to join the conference, they dial the conference number 1111.
The maximum number of conference participants is not limited.
Audio files in MikoPBX are used in various call scenarios and interactive voice menus
(
In
IVR menu
, during
non-working hours
, in
call queues
, for various system notifications, and in
hold music
.) to play voice greetings or notify customers.
The list of available sound files is displayed in the "Telephony" -> "Sound files".
"Sound files" section
To add a new sound file, click "Add a new sound file".
"add a new sound file" button
Click "Upload a new file" and select a sound file.
"Upload a new file" button
Correct the file name if necessary.
The name of the recording file
Save settings
"Save settings" button
When working over the https protocol, it is possible to record an audio file using a microphone.
"Start recording" button
Sound files are stored on the PBX along the path /storage/usbdisk1/mikopbx/media/custom
Music on hold
The function is available starting from version 2020.2.XXX
If a client gets into a queue during a call or is waiting for redirection, the PBX plays a melody for him. It is possible to download your own tunes for listening while waiting.
You can do this on the "Music on Hold" tab as described above.
"Music on hold" tab
Display all calls;
Filter calls based on criteria;
Visually identify missed calls from the call log;
Download or listen to call recordings.
Each entry in the call log contains information about:
The caller’s phone number (Who);
The recipient’s phone number (To Whom);
The date and time of the call (Call Date);
The duration of the call (Duration) – this excludes time spent on greetings or announcements.
Calls marked in red are missed calls. Their duration is logged as zero, and these calls cannot be played back:
Missed calls
For answered calls, users can listen to or download the recording. Call recordings are downloaded locally to your PC in .mp3 format.
Listen to the recording function
Each call log entry provides detailed information about the participants involved.
Detailed information
Filters
To apply a filter, press Enter after entering the search criteria.
The search bar in the Call History page supports the following filters:
Phone Number Filter
You can search using either an internal staff number or an external client number.
Filter by Phone number
Two Phone Numbers Filter
Enter two phone numbers separated by a space. For example, entering "74952293042 302" will display all answered calls between these numbers. Answered calls are those with a duration greater than 0 seconds, excluding greeting time.
Filter by 2 numbers
Date Filter
When opening the Call History, the log defaults to the current date. To filter for a specific period, select the date range and click Apply.
Filter by date
Call detail records (CDR)
"Add time interval" button
A form for creating a new rule will open.
A form for creating a new rule
In the form, you will find the following fields:
Period: The calendar period when employees are absent from the office, such as during New Year's or May holidays.
Weekdays: Specific weekdays for which the rule will be applied.
Time Range: The time period during the day when employees are absent.
Incoming Call Action: You can choose to play a sound file or perform a call transfer. Call transfer options include transferring the call to a conference, IVR menu, queue, internal employee extension, or specific termination numbers.
In the Note field, you can add a note with a description of the created rule, so that you can quickly navigate through the essence of this rule using this description. With the eraser button, you can clear the fields opposite which this button is located.
Apply only to certain incoming routes
By activating this function, a new menu "Route restrictions" will appear on top of you
"Apply only to certain incoming routes" switch and "Route restrictions" Section
Here you can choose which specific routes the rule you are creating will apply to.
"Route restrictions" section
Examples of rules
This rule is used for calls during non-working hours from Monday to Friday, specifically from 7:00PM to 9:00 AM:
Example of the rule
This rule is used to handle calls on Saturdays and Sundays:
Example of the rule
"Call routing" -> "Night and Holiday Switch" Section
As long as there are active calls, the reboot and shutdown will not be available via the web interface.
List of active calls
Restart the PBX - the command starts restarting the station.
Turn off PBX - completes all processes and disconnects the station.
System shutdown/reboot options
Rebooting the station via the console menu
You can restart the station via the console menu. To do this, select the section "[3] Reboot the system"
MikoPBX console
If you want to restart the station: press "[1] Reboot MikoPBX"
If you want to turn off the station: press "[2] Shutdown"
The system will reboot.
Restart/shutdown station
Reboot with disk check
In case of an emergency restart of the PBX (for example, power outage), it may be necessary to check the disk for errors.
In the PBX console menu, enter the command "[9] Console(Shell)" and press Enter.
System launch the MikoPBX console.
Console menu MikoPBX
Enter the command reboot. Press Enter.
The system will reboot with a disk check.
Reboot command
"Maintenance" -> "Reboot" section
8
on the keyboard) and press
Enter
.
You need the command "Update to version ****.*.**". Press the number 2 on the keyboard, then press Enter.
The update installation will begin. When it is complete, the PBX will reboot.
Update installation process
After the PBX reboots, the message "The system loaded in Recovery mode" will no longer appear, indicating that the PBX has booted from the hard disk and not from the virtual optical drive.
The installed update version will be displayed in green at the top.
The Anti brute force settings can be found at the bottom of the "Network Firewall settings":
"Anti brute force" section
If a certain number of failed login attempts (Number of attempts for blocking) occurs within a specific period (Within (seconds)), the IP address will be blocked for a specified duration (Block for (seconds)).
The whitelist of addresses defines IP addresses that will not be blocked by Fail2ban. You can specify individual IP addresses like 93.188.40.10 or subnet like 93.188.40.10/32. The separator used is a 'space'.
Please note that if you have set the 'Never block addresses from this network' option in the 'Network Firewall' section for a subnet, that subnet is automatically added to the whitelist, and you don't need to add it manually. It is not recommended to manually populate the whitelist of IP addresses. It is preferable to specify IP addresses only in exceptional cases.
Parameters of the Anti Brute Force rule
The list of blocked addresses shows which IP addresses are currently blocked.
Blocked addresses list
You can also unblock an address by clicking on the corresponding icon in the table.
Unlock button
"Firewall and anti-hacking protection are enabled" switch
Download your archive by clicking the corresponding button in the "Backup Module" section:
Button to download archive
On the new host (server) with your MikoPBX installation, restore from the archive by clicking "Upload backup file":
"Upload backup file" button
After this, your system will be restored from the archive. This method is ideal for transferring small amounts of data.
Installing the system on a USB drive (Bootable USB)
Before starting, download the disk image file with the .raw extension. You can do this here.
Installing the system on a USB drive
Windows
The USB drive must be at least 1 GB in size. All data on the USB drive will be deleted!
This guide uses the balenaEtcher utility. You can download it .
First, format your USB drive with the following parameters:
File system - FAT32
Allocation unit size - 8192 bytes
Open balenaEtcher. Click "Flash from file" and select the previously downloaded .raw file.
Click "Select target".
From the list, select your USB drive. Then click "Select 1".
Next, click "Flash!"
Wait for the process to complete. Then proceed to the section .
MacOS
Connect your USB drive and open the Terminal.
The USB drive must be at least 1 GB in size. All data on the USB drive will be deleted!
Run the following command:
This command displays all connected disks. Look for the disk labeled (external, physical).
In our case, it is disk4 (the number may differ on your system). Use this number in the following steps.
Next, format the USB drive using this command:
All data on the disk will be deleted! Double-check the disk name before formatting!
Enter your administrator password when prompted and wait for the formatting to complete.
Unmount (disconnect) the disk using the following command:
Write the image to the USB drive using this command:
Wait for the writing process to complete. Then proceed to the section .
Linux
In this example, the image writing process will be demonstrated on Ubuntu 24.04.
Connect your USB drive and open the Terminal.
The USB drive must be at least 1 GB in size. All data on the USB drive will be deleted!
Run the following command:
This command displays information about all connected disks. Find your USB drive in the list and note its name. In our case, it is sdb.
Next, format the USB drive using this command:
All data on the disk will be deleted! Double-check the disk name before formatting!
Enter your administrator password when prompted and wait for the formatting to complete.
Unmount (disconnect) the disk using this command:
Write the image to the USB drive using this command:
Wait for the process to complete. Then proceed to the section .
Booting from USB drive
Boot from the USB drive. If errors occur (black screen), make sure that:
Secure Boot - Disabled
CSM (Compatibility Support Module) - Enabled
The system has successfully booted, but no drive is connected for storing call recordings. To connect it, use the arrow keys to navigate to "[6] Data storage" and press Enter.
Then select "Mount drive as data storage" to connect the disk.
Select the disk that will be used to store call recordings. Enter its ID (name), for example sdc in our case, and press Enter.
After this, the system will reboot and will be ready for use and for the first login to the Web interface.
To open the Web interface, enter your MikoPBX IP address in your browser’s address bar.
Use the default login credentials.
Default credentials for first login to the Web interface:
Login: admin
Password: admin
Firewall
Description and configuration of Firewall rules in MikoPBX
The Firewall in MikoPBX is an interface for configuring the system's firewall. Here, administrators can create and manage network traffic filtering rules, controlling access to MikoPBX and protecting it from unauthorized access and network threats. Configuring the firewall ensures the security of the telephone system, preventing potential attacks and ensuring stable operation in the organization's network infrastructure.
In MikoPBX, all local subnets can be described in the "Network and Firewall" → "Firewall" section. The firewall is designed to restrict access to the station by traffic type and subnets.
Section "Network and Firewall" -> "Firewall" in MikoPBX
To add a new rule, you need to click on the button:
Button for creating a new rule
General settings
You can give the rule any custom name. To the right of the subnet address, there is a field for Subnet Mask in CIDR format.
Available services
SIP&RTP - registration of phones and voice traffic. Session Initiation Protocol is used for establishing connections between VoIP phones.
WEB - access to the administrative interface for configuring the PBX. SSH - root access to the system.
SSH (Secure Shell) allows accessing the MikoPBX console.
Advanced Options
Each subnet has a flag 'Is it a VPN or a local network'. When this flag is set, MikoPBX will present itself as a local IP to all local subnets instead of external ones.
The flag 'Never block addresses from this network' should be enabled only for trusted subnets. If this flag is enabled, intrusion prevention rules will not apply to this subnet
Updating the docker
Upgrade option for MikoPBX in Docker container
To update the MikoPBX container to the latest version, you can follow these steps in the command line. These steps include stopping the current container, downloading the new version of the image, and running the container with the updated image.
Updating the docker
First, you need to properly stop the running container. After stopping the container, you can safely remove it
To launch a new container using the latest image version with the same settings as before, use the following commands:
Updating using Docker compose
First, you need to properly stop the running container. After stopping the container, you can safely remove it
The next step is to download the latest MikoPBX image:
An example of the docker-compose.yml file that can be used to update your MikoPBX container through Docker Compose:
Save the contents to a file named docker-compose.yml, make the necessary adjustments, and run the command:
Notes
Data: Since data is stored in Docker volumes (mikopbx_cf and mikopbx_storage), it remains untouched during the update, preserving settings and user data.
Environment Variables: Ensure that all necessary environment variables are correctly passed.
Safety: Always create backups of your data before updating.
These steps will help ensure a smooth and safe update of your MikoPBX container.
Updating from the web interface
Update option from the web interface
In some sections of the interface (e.g., Extensions), the current version of MikoPBX is displayed in the lower right corner.
Displaying the version in the web interface
In the PBX web interface, go to Maintenance → PBX update.
"PBX update" section
If there are newer versions of the PBX available, they will be displayed in the Online updatesavailable table, with the version number in the first field and the list of changes in the second.
We recommend performing updates sequentially without skipping releases.
There are two update options: online update and update using a downloaded img file.
Online upgrade
Be cautious! If the system is installed on the same disk where call recordings are stored, there may be difficulties with the update.
Updates are downloaded to the PBX and applied immediately.
To update this way, click the button for the desired version.
A warning window will appear. Click Upgrade.
The PBX will download and apply the updates, and then reboot.
Update using a downloaded img file
Please note that this method can also be used to roll back to a previous version.
To update using this method, click the button for the desired version.
The img file will start downloading. Wait for the download to complete.
Then click the button and select the downloaded img file.
Then click Apply the update, and in the warning window, click Upgrade.
The updates will be applied, and the PBX will reboot upon completion.
Then go to the "Proton Mail" -> "IMAP/SMTP" section.
Scroll down to the "SMTP submission" section. Click "Generate token".
Enter an arbitrary name in the "Token name" field — MikoPBX in our case — and select the Email address for which you are creating the token.
A token will be created. Its parameters will be shown only once and will become unavailable once you close the window. Save them, as we will use them for further configuration.
Connecting in MikoPBX
Go to the "System" -> "Mail and Notifications" section.
Go to "SMTP Settings". Fill in all the required parameters:
Sender Address - your email address that you used to generate the token.
Sender Name - the name from which the mail is sent.
Authentication Type - "Username and password".
Click "Save".
Click "Test connection". You will see the following window confirming that the entered data is correct:
Fine-tuning the firewall
When publishing a PBX on a public IP address, the task arises to protect the speaker from scanners, pests who are trying to pick up passwords to SIP PBX accounts. If a simple numeric password is set, it will be picked up very quickly, which will cause losses.
For basic protection against scanners, fail2ban must be enabled. Additionally, you can fine-tune the iptables rules.
Go to the "System file customization" section
"System file customization" section
Go to edit the /etc/firewall_additional file
Set the "Add to end of file" mode, insert the following code:
The added rule allows blocking all incoming requests over the UDP protocol that contain the substring "friendly-scanner"
A more complete example of a set of rules:
This will protect you from most scanners that I mention User-Agent when requesting.
Storing Recordings in a Shared Windows Folder
In some cases, it is necessary to save call recordings on a network drive. This example shows how to connect a shared Windows folder to MikoPBX.
Note: If the network folder becomes unavailable, it may cause disruptions in PBX operation.
Next, generate an SSH key by entering the following command:
This will generate an "ed25519" key with the comment "" to identify it. You can specify a path for the keys by adding -f and a path, for example:
After this, the key pair will be created in the specified directory. One file will contain the public key, and the other the private key.
Run the following command to retrieve the public SSH key:
Copy the public key from the output.
Open the MikoPBX web interface and go to "System" → "General Settings":
Navigate to the SSH section and paste the public key into the "SSH Authorized Keys" field in the following format:
Click "Save settings":
Connecting via SSH
To connect via SSH, run the following command in PowerShell:
Replace the following based on your parameters:
The path to your SSH key.
The IP address of your MikoPBX instead of mikopbxipadress.
You will then be connected to the MikoPBX console via SSH:
Setting up E-mail notifications for the Gmail mail service
Setting up mail for gmail service
Always use "Application Passwords" for authorization. See instructions. Instructions for setting up smtp from Gmail.
To receive notifications about missed calls by email, you need to configure the SMTP client. Detailed information about notifications in MikoPBX is reviewed here. As part of this instruction, an example of setting up missed call notifications for the Gmail mail service will be considered.
Enter the IP address of the MikoPBX PBX in the browser and go to System → Mail Settings
SMTP Client Settings for Gmail service:
SMPT host - smtp.gmail.com
SMPT port - 465 (Customer Service port)
SMPT login and Sender address- the E-mail from which messages about missed calls will be sent
Save the entered settings and proceed to setting up your email account. A feature of the Gmail service is that access to your account is automatically denied to untrusted applications, which include MikoPBX, so you need to manually allow access to these applications (setup instructions are posted ).
Go back to System → Mail Settings. We will send a test letter to the e-mail of any service. In case of successful testing, a test email will be sent to the email address you specified.
You can read about how to set up a letter template to create an E-mail notification .
Resetting WEB Interface Credentials
Steps to reset the WEB interface credentials from the MikoPBX console
You may encounter a situation where you have forgotten the username or password for the MikoPBX web interface. This guide explains how to reset them.
Authorization failed
Solution
Go to the MikoPBX console.
The location of the console depends on the installation method:
If installed on a physical server - on the monitor connected to the server.
If installed in a virtual machine - in the virtual machine management console.
If installed in the cloud - in the cloud serial console (also in the virtual machine management console).
Select the option "[7] Reset password for the web interface".
Type y to confirm resetting the login and password.
Log in to the web interface using the default credentials:
Default web interface credentials:
Username: admin
Password: admin
After the first login, you will be prompted to change the credentials.
Resetting the Password in a Docker Container
Access the container shell:
Replace mikopbxContainerNameOrID with the name or ID of your container.
Launch the menu using this command:
Navigate to "[7] Reset password for the web interface".
Enter "y" to confirm resetting the username and password.
Log in to the web interface using the default credentials:
Default web interface credentials:
Username: admin
Password: admin
Change the login credentials after the first authorization:
Backup Internet and Provider Re-Registration
Configuring Backup Internet
If your PBX is behind NAT and its public IP address changes, the PBX may not receive incoming calls until it re-registers with the provider, which by default can take 2–6 minutes.
Create the IP Check Script
Connect using SSH into your MikoPBX (documentation about different ways to do that - here)
Create a new script file with this command:
The system will wait for input; paste the following script into the terminal:
Press CTRL+D to finish.
Make the file executable:
Schedule the Script
Go to the MikoPBX web interface → "System" → "System file customization":
Open the file: /var/spool/cron/crontabs/root
Append the following line to the end of the file:
This schedule runs the script every minute to check for a changed public IP. If the IP has changed, it re-registers all providers.
If the IP changes, you’ll see an informational log in system/messages stating the old and new IP addresses.
Installation via writing the image to a USB drive (Live USB)
Installing the system by writing the image to a USB drive
Writing the image to a USB drive
Windows
Before starting the process, format your USB drive with the following parameters:
VMware ESXi
Installing MikoPBX using VMware ESXi.
Creating a Virtual Machine
Start by creating a new virtual machine.
Enter the
Hyper-V
Installing MikoPBX using Hyper-V.
Creating a virtual machine
Select Action / New / Virtual Machine
Proxmox
Installing MikoPBX using Proxmox.
Loading the MikoPBX image
Open the local / ISO images tab and select Download from URL
UTM
Installing MikoPBX in UTM
In this manual, the installation will be performed on UTM. Before it starts, download the disk image file with the ".iso" extension. You can do this by .
This instruction has been relevant since the first release, published in 2026. Tested on Apple Silicon processors.
Digital Ocean
Installing MikoPBX using the DigitalOcean Cloud Platform
This guide applies to MikoPBX version 2024.2.111 and newer!
In this guide, we will perform a step-by-step installation of MikoPBX using the DigitalOcean cloud platform.
Before beginning, you need to copy the download link for the latest .raw MikoPBX image. You can find these on .
AWS Marketplace
Installation guide for MikoPBX image from AWS Marketplace
Sign in to the service Amazon Web Services
MikoPBX in AWS Marketplace:
Let's get started with the setup
For quick and convenient navigation within the Amazon service, use the search panel
Connecting DigitalOcean S3 Storage
Instructions for connecting DigitalOcean Spaces Object Storage as an S3 storage
Creating a Bucket and Access Keys
Go to the DigitalOcean console ().
Transfer using rsync
A method for transferring MikoPBX to another host using rsync (preferred)
This article discusses transferring data to a new host using rsync. This approach uses a generated SSH key for authentication, making it the most reliable and therefore the recommended method.
Schematically, the transfer process can be depicted as follows:
Creating the Script File and Adding Content
Storage
Disk space usage and storage settings
The "Storage" section in MikoPBX allows you to monitor disk space usage and manage data storage settings. It provides a detailed breakdown of occupied space by category: call recordings, system logs, backups, and other files. In addition to local storage monitoring, the section allows you to configure automatic upload of recordings to an S3 cloud storage.
Section location: "Maintenance" -> "Storage".
Storage information
# Stop the current container
sudo docker stop mikopbx
# Remove the current container
sudo docker rm mikopbx
# Downloading the latest container image version
sudo docker pull ghcr.io/mikopbx/mikopbx-x86-64:latest
# Starting the container in unprivileged mode
sudo docker run --cap-add=NET_ADMIN --net=host --name mikopbx --hostname mikopbx \
-v data_volume:/cf \
-v data_volume:/storage \
-e SSH_PORT=23 \
-it -d --restart always ghcr.io/mikopbx/mikopbx-x86-64:latest
ssh -V
SMPT Password - the email password required for authorization
# Stop the current container
sudo docker stop mikopbx
# Remove the current container
sudo docker rm mikopbx
# Downloading the latest container image
sudo docker pull ghcr.io/mikopbx/mikopbx-x86-64:latest
docker-compose.yml
services:
mikopbx:
container_name: "mikopbx"
image: "ghcr.io/mikopbx/mikopbx-x86-64:latest"
network_mode: "host"
cap_add:
- NET_ADMIN
entrypoint: "/sbin/docker-entrypoint"
hostname: "mikopbx-in-a-docker"
volumes:
- data_volume:/cf
- data_volume:/storage
tty: true
environment:
# Change the station name through environment variables
- PBX_NAME=MikoPBX-in-Docker
# Change the default SSH port to 23
- SSH_PORT=23
# Change the default WEB port to 8080
- WEB_PORT=8080
# Change the default WEB HTTPS port to 8443
- WEB_HTTPS_PORT=8443
volumes:
data_volume:
#!/bin/bash
# File to store the previous IP
IP_FILE="/tmp/last_ip.txt"
# Command to retrieve the current public IP
CURRENT_IP=$(/usr/bin/curl -s https://checkip.amazonaws.com)
# Check if the file with the previous IP exists
if [ -f "$IP_FILE" ]; then
LAST_IP=$(cat "$IP_FILE")
else
LAST_IP=""
fi
# Compare the current IP with the previous IP
if [ "$CURRENT_IP" != "$LAST_IP" ]; then
/bin/busybox logger -t 'UpdateIP' "IP changed: $LAST_IP -> $CURRENT_IP"
echo "$CURRENT_IP" > "$IP_FILE"
# Trigger an Asterisk command
/usr/sbin/asterisk -rx 'pjsip send register *all'
fi
The image will be written using the Rufus utility. You can download it here.
Rufus main page
The USB drive size must be at least 1 GB. All data on the USB drive will be deleted!
After installing the utility, open its interface. In the "Device" section, select your USB drive, click SELECT, and choose the previously downloaded .iso image. Its verification will begin.
Selected image and disk
Once verification is complete, set the following parameters and click START:
File system - FAT32
Cluster size - 8192 Bytes
Quick format - checked
Create extended label and icon files -uncheck this option
Starting the image writing process
In the popup window, select "Write in DD Image mode" and click OK.
"Write in DD image mode" option
In the confirmation window warning that all data on the disk will be erased, click OK.'
Disk format confirmation
Wait until the image writing process is complete. When done, you’ll see the message "READY".
Then proceed to the section "System installation".
Successfully writed image
MacOS
Connect your USB drive and open the Terminal.
The USB drive size must be at least 1 GB. All data on the USB drive will be deleted!
Run the following command:
This will display information about all connected disks. Find the one labeled (external, physical) — for example, disk4 (the number may differ on your system). Use its number for the next steps.
List of all available disks
Next, format the USB drive with this command:
All data on the disk will be deleted! Double-check the disk name before formatting!
Enter your admin password when prompted and wait until formatting completes.
Formatting the disk
Unmount (disconnect) the disk using this command:
unmountDisk command
Write the image to the USB drive using this command:
Wait until the writing process is complete. Then proceed to the section "System installation".
Successfully writed image
Linux
This example uses Ubuntu 24.04 to demonstrate the image writing process.
Connect your USB drive and open the Terminal.
The USB drive size must be at least 1 GB. All data on the USB drive will be deleted!
Run the following command:
This will display information about all connected drives.
Find your USB drive in the list and remember its name. In our example, it is sdb.
lsblk command
Next, format the USB drive with the following command:
All data on the disk will be deleted! Double-check the disk name before formatting!
Enter your admin password when prompted and wait until formatting completes.
Disk fromatting
Unmount (disconnect) the disk using this command:
umount command
Write the image to the USB drive using this command:
Wait until the writing process is complete. Then proceed to the section "System installation".
Successfully writed image
System installation
Boot from the USB drive.
If errors occur (black screen), make sure that:
Secure Boot - Disabled
CSM (Compatibility Support Module) - Enabled
System booted from LiveUSB device
The system is booted in LiveCD mode — indicated by the red message. To install, use the keyboard arrows to navigate to "[8] Install" and press Enter.
Section "[8] Install"
Select the disk where the system will be installed. Enter its ID (name), for example sdc.
Selecting the system disk
Confirm your choice by typing "y" to continue.
All data on the selected disk will be erased!
Confirmation of your choice
After installation, you will be asked to select a disk for storing call recordings.
Make your choice as before.
Selecting the records storage disk
After that, the system will reboot and be ready for use and the first login to the Web interface.
Successfully installed system
To open the Web interface, enter the IP address of your MikoPBX in your browser’s address bar.
Use the default login credentials.
Default credentials for first login to the Web interface:
Login: admin
Password: admin
Name
,
Type
, and
Version
of the virtual machine, as shown in the image below.
Name, Type and Version of the virtual machine
Select a datastore for the virtual machine.
Allocate 1024 MB of memory to the virtual machine and create a new virtual hard disk for the system with a size of 1024 MB.
Size of RAM and memory for the system hard drive
Choose the SCSI controller type and adapter type, as shown in the image below.
Controller type and adapter type
Select BIOS as the Firmware option.
"Boot options" section
Review and save the changes.
Configuring the Virtual Machine
Open the settings of the created virtual machine. Create a new hard disk for storing call recordings.
We recommend allocating at least 50 GB for this disk.
Go to the CD/DVD Drive tab. Upload the ISO image for installation, and check the box next to "Connect at power on."
Loading a system image
Installing MikoPBX
Start the virtual machine.
The MikoPBX command-line interface will open as the PBX starts loading from the optical disk containing the ISO image. You will see the message: "The system is loaded in recovery mode (Live CD)".
System is loaded in recovery mode
Use the arrow keys to navigate the menu, and press Enter to select an option. You can also press the corresponding number on the numpad.
Install MikoPBX:
All data on the disk where MikoPBX is being installed will be lost.
Go to [8] Install:
[8] Install - for installation process
Information about all available disks will appear (in this example: sdb, sdc).
Available disks for the system
Enter the name of the disk you intended as the "system" disk, in this case, sdb, and press Enter (or simply press Enter if it’s already selected).
The system will prompt for confirmation. Type y and press Enter:
Once installation is complete, you will be prompted to select a disk for storing call recordings.
Approximately 14 MB of storage is required for every 1 hour of recorded conversation.
Enter the disk name (in this example, the only available disk is sdc) and press Enter.
Available disks for the storage
After installation, the system will reboot.
MikoPBX will now boot from sdb, the system disk, and the line "The system is loaded in Recovery mode" will no longer appear—indicating a successful installation.
This completes the MikoPBX installation.
First Login to MikoPBX
To access the control panel, enter the virtual machine's IP address in your browser's address bar.
IP-Address of the MikoPBX
Web interface login window
The default login credentials are admin for both username and password.
This completes the MikoPBX installation.
On the Specify Name and Location tab, enter the name of the virtual machine, for example mikopbx-vm
Configuring Virtual Machine
Proceed to the Specify Generation tab, and select Generation 1
Configuring Virtual Machine
On the Assign Memory tab, allocate the required amount of RAM based on the expected load on the PBX. For a test machine, you can specify 2 GB
Configuring Virtual Machine
Proceed to the Configure Networking tab, and select a pre-configured network connection
Configuring Virtual Machine
On the Connect Virtual Hard Disk tab, adjust the system disk size to 1 GB
Configuring Virtual Machine
On the Installation Options tab, check the Install an operating system from a bootable CD/DVD-ROM option
Select Image file (.iso) and provide the link to the MikoPBX distribution file with the .iso extension
Configuring Virtual Machine
After entering all values, click the Finish button
Configuring Virtual Machine
Data storage disk
For deploying the PBX, use two disks:
a 1 GB disk for the main system
a 50+ GB disk for storing call recordings
Go to the settings of the created virtual machine
Select the IDE controller to which the system disk is connected
On the opened tab, select Hard Drive and click the Add button
Click the New button
On the Choose disk format tab, select VHD
Adding second hard disk
On the Choose disk type tab, select Fixed size
Adding second hard disk
On the Specify name and location tab, specify the name (e.g., storage.vhd) and the location of the disk
Adding second hard disk
On the Configure Disk tab, set the disk size for data storage to at least 50 GB
Adding second hard disk
Use the default values for other fields
Complete the setup by clicking the Finish button
Adding second hard disk
Installing MikoPBX
To start the virtual machine, click Connect... -> Start
"Connect..." button
Go to the Connect tab of the created virtual machine mikopbx-vm
If the boot is successful, a console menu will appear. Enter 8 from the keyboard to start the installation
Installing MikoPBX
Select the system disk and enter the disk name from the keyboard, for example sda. Confirm the selection by entering y from the keyboard
Installing MikoPBX
Installing MikoPBX
Connect the disk for storing call recordings, and enter the disk name for connection from the keyboard, for example sdb
Installing MikoPBX
When the message "Press any key within 30 seconds to boot from LiveCD..." appears, do not press any buttons. In this case, the system will boot from the hard drive.
Starting MikoPBX
To access the MikoPBX web interface, enter your virtual machine's IP address in your browser's address bar. You can find the IP address in the console.
MikoPBX IP-address
Enter the IP address in your browser’s address bar. Log in using the default credentials.
Use the following default credentials for the first login to the MikoPBX web interface:
Username: admin
Password: admin
MikoPBX web-interface authorization page
In the URL field, paste the link to the MikoPBX distribution file with the .iso extension
Click the Download button and wait for the file to finish downloading
Loading the MikoPBX image
Creating a virtual machine
Select Create VM
On the General tab, enter the name of the virtual machine, for example mikopbx-vm
Configuring virtual machine
Go to the OS tab, and in the ISO image field, select the previously downloaded image
Set the OS type to Linux
Configuring virtual machine
On the System tab, uncheck the Qemu Agent box, and use the default values for other fields
Configuring virtual machine
To deploy the PBX use two disks:
A 1 Gb disk for the main system
A 50+ Gb disk for storing call recordings
Go to the Disks tab
Adjust the size of the system disk to 1 GB
Configuring virtual machine
Click the Add button and add an additional disk for data storage
Specify a disk size of at least 50 GB
Configuring virtual machine
On the CPU and Memory tabs, specify the computing resources for the virtual machine based on the expected load on the PBX. For a test machine, you can set Cores (CPU tab) to 2 and Memory (Memory tab) to 2 GB
Configuring virtual machine
Configuring virtual machine
On the Network tab, uncheck the Firewall box
Configuring virtual machine
Go to the last tab, Confirm, and check the Start after created box
After entering the values, click the Finish button
Configuring virtual machine
Installing MikoPBX
Go to the created virtual machine mikopbx-vm
On the open tab, go to the Console section
If the boot is successful, a console menu will appear. Enter 8 from the keyboard to start the installation
Installing MikoPBX
Select the disk for the system and enter the disk name from the keyboard, for example sda. Confirm the selection by entering y from the keyboard
Installing MikoPBX
Installing MikoPBX
Connect the disk for storing call recordings, enter the disk name for connection from the keyboard, for example sdb
Installing MikoPBX
When the message "Press any key within 30 seconds to boot from LiveCD..." appears, do not press any buttons. In this case, the system will boot from the hard drive.
Starting MikoPBX
To access the MikoPBX web interface, enter your virtual machine's IP address in your browser's address bar. You can find the IP address in the console.
MikoPBX IP-address
Enter the IP address in your browser’s address bar. Log in using the default credentials.
Use the following default credentials for the first login to the MikoPBX web interface:
Username: admin
Password: admin
MikoPBX WEB-interface authorization page
Creating a virtual machine
Go to UTM. Click "Create a New Virtual Machine" to create a new virtual machine.
The main page of UTM. Creating a new VM.
Select "Virtualize" as the VM type.
Selecting the type of virtual machine
Select "Preconfigured" - "Linux" as the operating system type.
Choosing the type of operating system
Select the previously downloaded disk image file in the "Boot ISO Image" section. To do this, click on "Browse...".
Selecting a disk image file for a VM
Next, specify the characteristics of your virtual machine. In our case, 2 GB of RAM and 2 processor cores will be used.
VM Configuration
Next, specify the size for the system disk. In our case, 1 GB.
MikoPBX uses two disks:
The system disk. The system is installed on it, the recommended size is 1 GB.
A disk for storing recordings of conversations. The recommended size is from 50 GB.
Specifying the size of the system disk
Click Continue.
The "Shared Directory" section
The final configuration of the VM will be displayed. Give it the desired name (the "Name" field). And click "Save".
The final configuration
Connecting a disk for data storage
Go to the VM settings. To do this, right-click on its name, then "Edit".
VM Settings
Go to "Drives". Click "New..."
"Drives" section
Create a new disk with the following parameters:
Interface - VirtlO
Size - at least 50 GB (in this documentation, 10 GB will be used for the test machine)
Click "Create".
Creating a second disk
System installation
Start the VM.
Launching a VM
After loading, you will see the message PBX is running in Live or Recovery mode. This means that the system is loaded from the disk image in Live mode. It is necessary to install the system. To do this, go to the "[8] Install on Hard Drive" section.
MikoPBX in LiveCD mode
Select the disk to install the system. In our case, vda and vdb disks are available, and we select the vda disk for installation.
Selecting a disk to install the system on
Confirm the selection: enter "y" from the keyboard and press Enter.
Confirming the disk selection
Next, select a disk for storing conversation recordings. In our case, the only remaining one is 10 GB size disk.
Selecting a disk for storing conversation recordings
After that, the system will reboot and be available in normal mode (the label "PBX is running in Live or Recovery mode" will disappear).
MikoPBX IP-address
Enter this IP address in the browser bar to access the Web interface.
Paste the link to the .raw disk image file you copied earlier.
Enter a name for the image, select the region where it will be uploaded (this should match the region of your future virtual machine), and choose "Unknown" as the operating system type.
Click "Upload image".
Image parameters
Wait for the image upload to complete.
Creating a Virtual Machine in the Cloud
Go to DigitalOcean’s main page:
DigitalOcean’s main page
To create a new virtual machine (Droplet), go to "Create" → "Droplets":
Creating a droplet
Select a region and datacenter for your virtual machine:
VM Parameters #1
Next, choose the previously uploaded image and configuration for your virtual machine:
VM Parameters #2
Go to the "Additional Storage" tab. Here, you can add a second disk that will be used for call recordings. To do this, click "Add volume" and specify the parameters for the new disk.
We recommend a minimum size of 50GB for the call recordings disk.
"Additional Storage" section
Go to "Choose authentication method." Here, you need to select "SSH Key" and add the key pair for SSH authentication. For more information on generating SSH keys, see:
Navigate to Manage → Spaces Object Storage. Click Create a Spaces Bucket to create a new bucket.
Spaces Object Storage section
On the bucket creation page, under Choose a datacenter region, select the region closest to your MikoPBX server. Choose Standard Storage.
Remember your region name (sgp1 in the screenshot below) — you will need it later when configuring MikoPBX.
Bucket creation parameters #1
In the Choose a unique Spaces Bucket name field, enter a name of your choice for the bucket.
Click Subscribe & Create Bucket.
Bucket creation parameters #2
Open the page of the newly created bucket by clicking its name in the Buckets section.
Created bucket in the Buckets section
Go to the Settings tab.
Settings tab on the created bucket page
Scroll down to the Access Keys section. Click Create Access Key to generate a new key pair.
Access Keys section
Fill in the required parameters for the new key:
Select access scope — Limited Access.
Buckets — select the bucket you created earlier.
Permissions — Read/Write/Delete.
Give this access key a name — enter an arbitrary name to identify this key pair.
Click Create Access Key.
Access key creation parameters
Your key pair values (Access Key ID and Secret Key) will be displayed. Save these values — you will need them when configuring MikoPBX.
Access key pair
Connecting to MikoPBX
Go to the Maintenance → Storage tab.
Storage section in MikoPBX web-interface
Open the S3 Cloud Storage tab and fill in the following fields:
Automatically upload recordings to cloud storage — enable the toggle.
S3 Endpoint URL — enter https://sgp1.digitaloceanspaces.com, replacing sgp1 with your region.
S3 Region — enter the region of your DigitalOcean bucket (e.g. sgp1 in this guide).
S3 Bucket Name — enter the name of the bucket you created in DigitalOcean (e.g. mikopbx-s3-storage in this guide).
Access Key and Secret Key — paste the values obtained in the first part of this guide.
Use the Local Storage (S3 mode) slider to configure how long recordings are kept locally before being deleted after upload to the cloud.
A shorter local retention period frees up disk space faster.
Click Save.
DigitalOcean S3 connection parameters
After saving the settings, click Test Connection. If the connection is successful, you will see the message "S3 connection successful" and synchronization of call recordings will begin.
First, establish an SSH connection to your new MikoPBX. You can find instructions on how to do this in this article.
Successful SSH connection to the new MikoPBX
Once connected, switch to the console ([9] Console). First, you need to create a directory to store the script file. Use the following command:
Navigate to the created directory:
Create the file "transfer-rsync.sh" to store the script:
Running commands to create a file
Next, you need to fill the file with the script content. You can find the script here.
Use the following command to download the script:
Running and Using the Script
Make the file executable:
Run the script:
You will be prompted to enter necessary information about your old MikoPBX:
IP address of your old station
Username for SSH authentication
Port for SSH authentication
Entering the required data
Next, you’ll be asked whether to generate a new key. If you haven’t done this before, type "y" to confirm. If you previously generated a key for accessing the second MikoPBX, type "n":
Generating a new key
A new SSH key will be created. You must copy this key and insert it into the web interface of your old MikoPBX at General Settings → SSH → SSH Authorized keys field.
Generated ssh key
Inserted key
After saving the key on the old MikoPBX, wait a few seconds, then press any key to continue the script.
The transfer of all data to the new host will begin. This may take some time.
After the transfer, always verify the integrity of all data before retiring the old MikoPBX!
Successful transfer
Data transfer scheme
The "Storage information" tab provides an overview of disk space usage.
At the top of the page there is a block with a horizontal chart that visually shows what share of the total disk volume each data category occupies. In the example, 56.0 GB out of 100.0 GB is used. Each segment of the chart is color-coded according to the legend:
🟠 Call recordings
🟣 Call history
🔵 System logs
🟢 Additional modules
🩵 Backups
🔴 System caches
⚫ Other files
"Storage information" tab
At the bottom of the page there is a list of data categories and the amount of storage each one occupies.
Local Storage
The "Local Storage" tab allows you to set the retention period for call recordings on the station. Use the slider to select the desired period:
30 days (1 month) — minimum retention period.
90 days (3 months) — recommended for small businesses.
1 year — for compliance with legal requirements.
Unlimited — store all recordings without restrictions.
Longer retention periods require more disk space.
Click "Save" to save the settings.
"Local storage" tab
S3 Cloud Storage
This tab is used to configure automatic upload of call recordings to an external S3-compatible storage (e.g.: Amazon S3, MinIO, Wasabi).
At the top of the tab there is a toggle "Automatic recording upload to cloud storage" — it enables or disables the upload feature.
To connect to a bucket, fill in the following fields:
S3 endpoint URL — the address of the storage service (e.g., https://storage.yandexcloud.net for Yandex Cloud S3).
S3 region — the region where the bucket is located (e.g., ru-central1 in our case).
S3 bucket name — the name of the bucket where recordings will be uploaded.
Access key and Secret key — service account credentials for authorization.
Click "Save" to save the settings.
"Cloud storage S3" tab
Next, click the "Test Connection" button — the system will perform a test connection and display the result at the top of the page. Upon successful connection, the message "S3 connection successful" will appear and synchronization of call recordings will begin.
Successful connection to S3 storage
At the bottom of the tab there is a "Local storage period (S3 mode)" slider — it determines how long recordings will be stored locally on the station after being uploaded to the cloud before being automatically deleted. The local retention period cannot exceed the total retention period.
Shorter local storage duration frees up disk space faster.
Proxmox LXC is a lightweight container solution within the Proxmox VE virtualization platform, based on LXC (Linux Containers) technology. They allow running isolated Linux systems with minimal resource consumption compared to full virtual machines.
Downloading the Container Template
Go to the "local" storage, then "CT Templates". Click "Download from URL" to open the template download dialog from a URL.
Go to with releases and copy the download link for the template file with the "lxc.tar.gz" extension.
Paste the link into the "URL" field and click "Query URL". If you copied the correct link, the "File name" field will be populated with the filename having the "lxc.tar.gz" extension.
Click "Download" to start the download.
After the download is complete, you will see the "TASK OK" message.
Creating an LXC Container
Click "Create CT" in the upper right part of the interface to create a new container.
Fill in all the basic container parameters:
Hostname — enter a name for the service.
Password — enter the password for logging into the MikoPBX web interface.
SSH public keys — generate and paste your SSH key. You will then be able to use it to connect to the station via SSH. More details about key generation and SSH connection can be found .
Click "Next".
Select the previously downloaded template in the "Template" section.
Click "Next".
Next, specify the system disk size. The recommended value is 1 GB.
Click "Add" to add a new disk.
Specify the size of the second disk — this is where call recordings will be stored. The recommended size is at least 50 GB. Also specify the disk path — "/storage".
Click "Add" to add a new disk.
Specify the size of the third disk for storing configuration. The recommended size is 0.5 GB. Also specify the disk path — "/cf".
Click "Next".
On the next tab, specify the number of CPU cores to be used. For a small company, 1–2 cores is sufficient (see for more details).
Click "Next".
Next, specify the amount of RAM and Swap memory for the container.
Swap is a disk area that the system uses as additional memory when RAM runs out. It operates significantly slower than RAM and serves as a reserve to prevent the system from terminating processes when memory is insufficient.
Click "Next".
In the next section, configure your network settings. In our case, DHCP is used to obtain an IPv4 address. The Firewall does not need to be enabled here, but it must be configured later in MikoPBX (see for more details).
Click "Next".
In the DNS settings section, click "Next".
You will see the final container configuration. Click "Finish".
First Launch
Go to the management window of the created container by clicking on its name. Click the "Start" button to launch it.
Then go to the "Console" tab. Wait for the system to load and find the web interface IP address.
Enter it in your browser's address bar. Then perform the first login to MikoPBX.
Login credentials:
Login: admin
Password: the password you set during the initial container creation.
Network interface
Description and configuration of network interfaces
The "Network Interface" section in MikoPBX is an interface for configuring the system's network connection parameters. Here, administrators can manage IP addresses, subnet masks, gateways, and other network settings for each network interface. This allows MikoPBX to be correctly integrated into the organization's network and ensure its stable operation in accordance with the requirements of the network infrastructure.
The section is located in "Network and Firewall" -> "Network Interface":
"Network Interface" Section in MikoPBX system
General parameters
The hostname is the name of the machine. If no value is specified, the default hostname used is 'mikopbx.local'.
Network interfaces
There are two ways to configure the IP address:
DHCP (Dynamic Host Configuration Protocol) can be used for automatic IP address configuration. Enable the 'Use DHCP to obtain network settings' switch. This is recommended for most users. To not rely on DHCP server settings (to provide a specific address), you can disable the switch.
If you do not want to use settings obtained from a DHCP server, you can configure the network manually. This requires some knowledge about the network topology. To the right of the IP address, there is a field for Subnet Mask in CIDR format. You should use the alternative format: /8 corresponds to the subnet mask 255.0.0.0, /16 corresponds to 255.255.0.0, and /24 corresponds to 255.255.255.0.
"VLAN ID" - MikoPBX supports virtual network interfaces. This is relevant only for physical PCs. Sometimes a PC may have only one network interface, and it may not be possible to connect a second one physically. Using VLAN, you can create a virtual interface that works 'on top' of the physical one. One of the advantages of using VLAN is that all phone calls can be routed through it, while the network equipment can 'tag' all VLAN traffic and guarantee a stable connection.
The number of network interfaces in MikoPBX is not limited.
Network topology
The 'Network interface with internet access' is the primary network interface through which access to external addresses (non-local) will be established.
If no DNS server address is specified, the default server 8.8.8.8 will be used.
Depending on your network topology, you need to perform the following steps to configure MikoPBX. The PBX can be behind a network router, which is the most common scenario, or it can have a public IP.
If the PBX is behind a router, you need to check the 'This station is located behind a NAT router' option.
If you know the external address of the station (IP or domain name) and have forwarded the ports of the PBX to the external world, it is recommended to fill in the fields 'External IP address of your router' or 'External hostname of your router'.
For all addresses that are not local to the PBX, the station will be represented by the external address:
If 'External IP address of your router' is empty and 'External hostname of your router' is filled, the PBX will be represented by the hostname (External hostname) field.
The external IP address is mandatory to fill in. If a domain name is specified, it takes priority, and the external IP address field is not used.
When enabling the option 'This station is located behind a NAT router,' it is mandatory to specify the external address or hostname of the router. Additionally, you need to perform port forwarding on the router for SIP port 5060 and RTP ports 10000-10200 to the local address of the PBX.
If your provider allows registration and you do not need to connect external subscribers, you can choose not to enable the option "This PBX is located behind a NAT router", even if the PBX is behind a NAT router.
Manual configuration of network routes
Go to the 'System' → 'System file customization' section.
Open the file '/etc/static-routes' for editing.
Select the 'To replace all' mode and insert the rule. For example, 'route add -net 54.246.198.136 netmask 255.255.255.255 gw 172.16.32.15 dev eth0'
We specify to the operating system that the specified IP address 54.246.198.136 can be found through the network interface 'eth0' and the request should be directed to the gateway (172.16.32.15).
The netmask '255.255.255.255' indicates that the rule will only be applicable to the address 54.246.198.136. If you need to create a rule for a group of addresses, for example, the entire subnet 54.246.198.0: In fact, it is the range of addresses from 54.246.198.1 to 54.246.198.254.
Click "Save settings".
Mail settings
Setting up mail and notifications
The Mail and Notifications section in MikoPBX allows you to configure sending system notifications via email. Here, administrators specify SMTP server parameters, define notification events such as voice messages or system errors, and edit email templates. This section helps to promptly inform users and administrators about important events, ensuring effective control over the system.
Connecting to the SMTP server
To receive notifications about missed calls and voicemail messages by email, you need to configure the SMTP client. SMTP (Simple Mail Transfer Protocol) is used to send e-mail over the Internet. SMTP clients interact with an SMTP server that sends email.
If the server supports a secure connection only over SSL, then you can explicitly specify the protocol in the "SMTP host" field, for example:
Setting up notifications for mail services:
Missed Notifications
It is possible to customize the address and template for notifications about missed calls:
Email for missed notifications - by default, missed notifications are sent to the email specified in the employee card. If the call cannot be matched with an employee or email is not specified, the call will be sent to this "shared" address
The subject, text, and footer of the letter may contain parameters in the form of PARAMETER_NAME
List of available "parameters":
NOTIFICATION_MISSEDCAUSE - currently always takes the value "NOANSWER", i.e. a missed call
NOTIFICATION_CALLERID - who was the call from
NOTIFICATION_TO - who was the call to
Voice mail
It is possible to set up an address and a template for a voicemail notification:
Voice mail will be sent to each employee who missed the call (if the email is specified in his card).
Voicemail will always be sent to the "Email address to receive all voice mail records"
It is possible to listen to the voicemail recording from the
The following "parameters" can be used in the subject, body and footer of the email:
VM_DATE - date and time
VM_CALLERID - caller's callerid, consists of name and num, example "Alex Magnet" <101>
VM_DUR - message duration
To specify a parameter, you need to use a construction of the form PARAMETER_NAME.
Click Save to complete the setup.
Mail Settings (New)
Mail and Notifications Settings
The "Mail and Notifications" section in MikoPBX allows you to configure sending system notifications via email. Here, administrators specify SMTP server parameters, define events for notifications such as voicemail or system errors, and edit email templates. This section helps keep users and administrators informed about important events in a timely manner, ensuring effective system monitoring.
"Mail and notifications" section in MikoPBX
General Settings
General mail settings
Enable Notifications - enables/disables all email notifications, including voicemail.
Common Email for Missed Call Notifications - a shared email address for sending notifications about missed external calls (if an employee has no email specified, this shared address is used).
Common Email for Voicemail Messages - a shared email address for sending voicemail notifications (priority: 1. Employee's personal email; 2. The email specified in this field).
Send login notifications - enables/disables system login notifications.
Send system notifications - enables/disables sending of system notifications.
System Administrator Email - the address to which system notifications will be sent.
SMTP Settings
Sender Address, Sender Name - emails will be sent on behalf of this address and name.
Authentication Type:
Username and Password - classic authentication method when connecting to an SMTP server, using a mailbox address (login) and password. All parameters (server, port, encryption, login, and password) are entered and stored manually.
OAuth2 Provider - the mail service through which OAuth authentication is performed (e.g., Microsoft/Outlook, Google/Gmail).
Application ID (Client ID) - the unique identifier of the application created in the control panel of the selected OAuth provider. Used so the provider knows which application is requesting access to the mailbox.
How to connect?
Our documentation includes several connection examples for each authentication type. Below you can find links to these instructions.
Login and password authentication:
OAuth2 authentication:
API Keys
Description of usage in MikoPBX
REST API MikoPBX allows you to automate station management and integrate it with external systems - CRM, helpdesk, corporate portals, and custom services. API keys are used to access the API.
Authorization
All REST API requests are authorized via the Authorization: Bearer <token> header. MikoPBX supports two token types:
Type
When to use?
For external integrations, always use an API key — it is created manually, has configurable access permissions, and can be revoked at any time.
Creating an API Key
Go to "System" → "API Keys".
`Click "Add API Key".
Fill in the Description field (e.g.: CRM Integration)
Copy the generated API key — it is displayed only once
Important: save the key immediately after creation. Once the page is closed, it cannot be recovered — you will need to create a new one.
Configuring Access Permissions
Follow the principle of least privilege — each key should only have access to the resources that are actually needed.
When creating a key, two options are available:
Full access — the key gets read and write access to all API resources. Use only if truly necessary.
Manual configuration — the access level for each API resource is specified individually: read-only, read and write, or no access.
"Read" allows you to retrieve data (GET)
"Read and write" allows you to create, modify, and delete data (POST, PUT, DELETE)
Network filter: choose one of two options:
Localhost connections only — the key will only work from the local network. Recommended if the integration runs within the infrastructure.
Connections from any address are allowed — the key is accessible without IP restrictions. Use only if the client is located outside the local network.
Security
Following these requirements protects the API from token interception and unauthorized access:
Valid SSL certificate:
Use a trusted SSL certificate on the MikoPBX server side. The easiest way is to issue a free certificate via the Let's Encrypt module (instructions for working with the module are available here).
Operating without a valid certificate is only acceptable in an isolated test environment with no internet access.
Certificate trust on the client side:
The client must verify the server certificate on every request. Disabling verification (verify=False in Python, -k in curl) is not acceptable in production: without it, a man-in-the-middle (MITM) attack becomes possible, where an attacker intercepts the Bearer token in plaintext.
Key scope restriction:
Each key must only have access to the resources actually used by the integration. Do not use "Full access" unless necessary — compromising such a key gives an attacker full control over the API.
Network access restriction:
If the integration runs within a local network — choose "Local connections only". This prevents a compromised key from being used from an external network.
Use "Allow connections from any address" only when the client is physically located outside the local network, and make sure all other security measures are in place — a valid SSL certificate and minimal key permissions.
Examples and Detailed Documentation
Click a card to navigate:
Module management
This guide explains how to connect, configure, and manage modules in MikoPBX. It also covers how to install applications using the built-in Marketplace.
Additional modules allow you to expand the functionality of the main system. In this guide, you will find information on managing modules and installing applications using the built-in Marketplace.
To use both paid and free modules, you need to register your copy of MikoPBX and obtain a free license key. Instructions on how to do this can be found here.
Detailed instructions for configuring and operating each module can be found here.
You can find the Module Management section under "Modules" -> "Marketplace of modules".
Installed Modules
This section allows you to manage modules: connecting them, configuring them, and uploading your own custom modules. Documentation on developing your own modules can be found .
All installed modules are listed under the tab of the same name:
You can upload your own module using the "Upload New Module" button. You need to upload .zip files. After uploading, the module will appear in the list under the "Installed Modules" tab.
You can also access the settings of any module for further configuration:
Additionally, you can enable or disable a module.
From the interface of an installed module, you can quickly access its documentation by clicking on the question mark to the right of the module's short description:
Quick Access to Modules
You can add any module to the sidebar menu for quick access, which can be useful if you need constant access to the module's settings to change parameters or its status.
To do this, follow these instructions:
Go to the settings of the module you want to add to the sidebar menu by clicking on the edit icon to the right of the module's version:
Click on the settings icon to the right of the module's status to access the display settings for the module in the sidebar menu:
In this section, you can:
Toggle the display of the module in the sidebar menu—"Show module in sidebar menu".
Choose the section where it will be displayed—in the example, the "Modules" section is selected.
Specify a custom name for the module if desired.
After completing the settings, click "Save".
Marketplace
In this section, you can install modules from MIKO as well as from partner developers.
Each module has a button for downloading and installing it. Basic information about the module with a short description is also displayed here.
To the left of the module's name, you can find an icon indicating whether it is paid or free. For example, in the image above, the "Access Control Management" module is paid, while the "Backup&Recovery module" module is free.
Each paid module has a trial period of 2 weeks. During this period, you can try the module's functionality and decide whether to purchase it. To purchase a module, write to
Module Card
You can access a module's detailed page by clicking on its name in the Marketplace interface.
Here you can find the version of the current release, information about the developer, and whether the module is paid or free. There are also three sections:
Module Description
This section contains images illustrating the module's functionality and settings. Additionally, there is a basic description of the module and a "Useful Links" section with a link to detailed documentation on configuring and operating the module.
Version History
In this section, you can find the module's version history with detailed descriptions of changes, as well as the minimum compatible version of MikoPBX for proper operation. You can also install a specific version of the module by clicking on the blue link under its description.
Activating Coupons
If you purchase a module, you will receive a coupon. To activate it, go to Modules -> Marketplace of modules:
Then navigate to the "License Management" section.
In the "Activate Coupon" field, enter your coupon code and click "Activate Coupon"
The protection key always starts with MIKO-. Coupons for modifying product composition always start with MIKOUPD-.
VMware Fusion
Installing MikoPBX using VMware Fusion.
Creating a virtual machine
Creating a new virtual machine.
Microsoft Azure
MikoPBX Installation Guide using Microsoft Azure
First, log in to the Microsoft Azure portal
Let's proceed with the setup.
For quick and convenient searching on the Azure portal, use the search bar.
Asterisk Manager Interface(AMI)
Setting up AMI access
Asterisk Manager Interface (AMI) is a powerful and convenient Asterisk programming interface (API) for managing the system from external programs. Thanks to the AMI, external programs can connect to Asterisk via the TCP protocol, initiate the execution of commands, read the result of their execution, as well as receive notifications about events in real time.
AMI is often used for integration with business processes and systems, CRM software (Customer Relationship Management - customer interaction management). Asterisk is often managed from the CLI console, but using AMI does not require direct access to the server running Asterisk. AMI is the simplest tool, which in the hands of a developer can be a very powerful and flexible tool for integration with other software products. It enables developers to use the information generated by Asterisk in real time.
The first thing to do is to enable the AMI and create a user with which the client program will authenticate. "System" -> "Asterisk Manager Interface(AMI)":
To add a new account, you must specify a Username and Password. In addition, it is necessary to set a Network filter, i.e. from which subnet the connection to the AMI user is allowed. You can allow connections from any addresses, or specify a specific network that you have configured in the "
System log entries
Description of section functions
The "System Diagnostics" section in MikoPBX is a tool for monitoring and analyzing the status of the telephone system. Using this section helps to promptly detect and eliminate technical problems, ensuring stable and efficient operation of MikoPBX.
OAuth2 - an authentication method in which you do not store or transmit your mailbox password. Instead, the application obtains a temporary access token from the mail provider (Microsoft 365/Outlook, Google Workspace/Gmail, etc.) and uses it when sending emails via SMTP.
Encryption type:
No encryption (port 25) - classic SMTP connection without channel protection.
STARTTLS (port 587) - the recommended and most common method for sending mail. The connection starts without encryption, after which the client and server negotiate a transition to a secure channel.
SSL/TLS (port 465) - SMTP connection with encryption from the very beginning of the connection. The channel is secured immediately after the TCP connection is established, without a switching phase.
Verify server certificate - a security setting that determines whether the client will verify the authenticity of the SMTP server's SSL/TLS certificate when establishing a secure connection (STARTTLS or SSL/TLS).
Secret Key (Client Secret) - the confidential application key issued by the OAuth provider. Used together with the Client ID to verify the authenticity of the application when obtaining and refreshing access tokens. Must be kept secret and not shared with third parties.
SMTP Host - mail server address.
SMTP Port - mail server port.
Encryption type:
No encryption (port 25) — classic SMTP connection without channel protection.
STARTTLS (port 587) — the recommended and most common method for sending mail. The connection starts without encryption, after which the client and server negotiate a transition to a secure channel.
SSL/TLS (port 465) — SMTP connection with encryption from the very beginning of the connection. The channel is secured immediately after the TCP connection is established, without a switching phase.
Verify Server Certificate - a security setting that determines whether the client will verify the authenticity of the SMTP server's SSL/TLS certificate when establishing a secure connection (STARTTLS or SSL/TLS).
SMTP Settings. Username and Password Authentication Type
SMTP Settings.OAuth2 Authentication Type
Sender's address - Emails will be sent on behalf of this address Email of the system administrator - all system notifications will be sent to this email address, for example, about the lack of disk space. When changing and saving the settings, a test email will be sent to this address
Use TLS - activates the use of encryption when connecting to the server, to connect via SSL, you need to add a protocol description to the server address
Validate server certificate - in some cases it is necessary to disable it when using self-signed certificates
Use mail motifications - allows you to enable/disable all email alerts, including voice mail
NOTIFICATION_DURATION - duration in seconds
NOTIFICATION_DATE - date of the call
VM_CALLER_NAME - caller's name (taken from VM_CALLERID)
VM_CALLER_NUM - caller's phone number (taken from VM_CALLERID)
The data storage disk is usually mounted in the "/storage/usbdisk1" directory. From the example above, it can be seen that 4.5G of 4.9G is currently available.
Disabling the disk
Before starting work, you should unmount the disk. To do this, run the script:
Make sure that the data storage disk is no longer mounted:
Editing the Partition table
Deleting a partition
First, delete the existing partition. This operation does NOT delete data on the disk, just edits the partition table.
Launching the Section Editor:
The system will prompt you to enter a command, enter "d" and press Enter:
Система запросит выбрать раздел к удалению, он один, вводим номер раздела «1» и жмем Enter:
Сохраняем таблицу разделов, вводим команду «w» и жмем Enter:
Adding a larger section
Launching the Section Editor:
The system will prompt you to enter a command, enter "n" and press Enter:
Next, specify the command "p", the section will be primary, press Enter:
Enter the number of the created section "1", press Enter:
Next, the system will ask you to enter the numbers of the first and last sector "First sector" / "Last sector", wait for Enter, do not enter anything and agree with the "default" values.
Checking a new partition
The size of the partition must match the size of the disk.
Checking the section for errors
Run the verification command:
Example of the result of the team's work:
Partition file system size
Run the command:
Example of command output:
Rebooting and mounting
When booting, the system will automatically mount a disk for data storage:
AMI user rights set in the [user] section of the configuration file /etc/asterisk/manager.conf
rights ID
reading
writing
System
Reading general information about the system, for example, configuration restart notifications
Allows the user to execute Asterisk control system commands such as Restart, Reload, or Shutdown. This permission also gives users the ability to run system commands outside of Asterisk. Granting such permission is equivalent to granting access to the command shell, with the rights of the user/group under which the Asterisk process is running
This section allows you to view log files for detailed analysis of PBX operations.
To start, select a file.
Set the lines for the number of lines to fetch.
Set the offset value to shift the selection.
Set the filter by entering a string to be included in the selection.
"Show log" section
The following options are available:
Download the selected log as a file .
Refresh the log .
Auto-refresh the log .
Filters
Example: Call Analysis
Suppose you need to analyze an outgoing call to the number 74952293042.
Select the log file asterisk/verbose.
Set the phone number 74952293042 as the filter.
Set the limit to a sufficient value, such as 2000, to ensure all log entries are included.
In the last line of the log selection, find the identifier:
In this example, the ID = C-0000000f.
Repeat the log query but use the filter C-0000000f this time.
You will receive the entire log of the dialplan process.
The obtained data can be sent to technical support for further assistance.
System Information
The tab displays the following information:
Network settings
CPU load
RAM usage
iptables settings
System information section
Campuring network packets
This section allows you to perform a detailed analysis of errors in PBX operation.
"Computer network packets" section
Capturing Network Packets
You can start capturing network packets passing through the network interface.
To start the process, press the Start button.
"Start" button
Reproduce your issue: make a call or perform an action that causes the error or failure.
Press the Stop and Download button.
"Stop" button
The network packets will automatically be saved in the archive MikoPBXLogs_log-tcpdump-XXXXXXXXXX. They should also automatically save in your browser's Downloads folder.
Logs file
If you cannot find the archive in the Downloads folder, you can connect to the PBX via WinSCP and download it from the /storage/usbdisk1/mikopbx/tmp directory - the file will be log-tcpdump-XXXXXXXXXX.zip.
You can use the search function in WinSCP by entering "log-tcpdump*" in the file name field and specifying the search directory as "/storage"
Download All System Logs
You can download all system logs accumulated on the PBX. To do this, click the Download All System Logs button.
"Download all system logs" button
The system logs will automatically be saved in the archive MikoPBXLogs_log-sys-XXXXXXXXXX.zip. The logs should also automatically save in your browser's Downloads folder.
You can also obtain this log archive from the /storage/usbdisk1/mikopbx/tmp directory by connecting to the PBX using WinSCP. The file will be log-sys-XXXXXXXXXX.zip.
Be careful! If there are many calls or heavy network "load" on the PBX, logs can take up a significant amount of disk space.
Selecting a template for the container being created
System disk parameters
Parameters for the second disk
Parameters for the third disk
Container parameters (CPU)
Container parameters (Memory)
Container parameters (Network)
Container parameters (DNS)
Final container configuration
Container startup process
Web interface IP address
MikoPBX web interface
Call queues
Creating and configuring call queues.
Queues allow you to:
Distribute phone calls among a group of employees (agents): You can create a call queue and add multiple employees to it. When a call comes in, the system automatically routes it to an available employee in the queue, ensuring a more even distribution of workload and increasing call handling efficiency.
Hold the customer on the line when all employees are busy: If all employees in the queue are occupied with other calls, the customer will be placed on hold until one of the employees becomes available. This helps avoid call abandonment and ensures better customer service.
Notify the customer of their position in the queue and approximate wait time: While the customer is in the queue, the system can provide information about their current position in the queue and an estimated wait time. This helps keep the customer informed and improves their waiting experience.
Display the queue name along with the customer's number on the employee's phone: When an employee answers a call from the queue, their phone displays not only the customer's number but also the name of the corresponding queue. This helps the employee handle calls more effectively and provide personalized service.
To configure call queues in MikoPBX, go to the "Telephony" section and select "Call Queue." Here, you can create and customize your queues according to your business requirements and customer service needs.
The default call duration for a queue is set to 300 seconds (5 minutes). After this time limit is reached, the call will be automatically terminated. To bypass this limitation, you can configure "Scenario 1" as described in the instructions for "Call Routing on Failures".
Main settings
To add a new queue, perform the "Add a new call queue" action
In the queue creation form or dialog, you will find the following fields:
Queue Name: Enter a name for the queue. This name will be used for reference when setting up call routing rules.
Note: Provide a brief description or note about the queue. This information will be visible in the queue list, allowing you to provide additional details or instructions.
Queue Agents
In the Queue Agents section, you can add an arbitrary number of employees (queue agents) and specify a call distribution strategy.
Here are the options for queue strategy:
Ring All: Calls are distributed to all available agents until someone answers the call (default behavior).
Least Recent: The call is routed to the agent who has been idle for the longest time within the queue.
Fewest Calls: The call is routed to the agent who has handled the fewest number of calls within the queue.
When setting up a queue, you can choose one of these strategies to determine how calls are distributed among the agents in the queue. The strategy you select will depend on your specific call handling requirements and the desired distribution behavior
Advanced Settings
In this section, you can provide additional information:
Phone number for this queue - you can call the queue using this number from any internal employee extension. Calls can also be transferred to this number.
Short name for the queue - for display before the CallerID on the telephone device of the subscriber, for example, "consult."
Queue settings for agents
Time attempt call to agents - the duration in seconds for which a call will ring on an individual agent's phone. After this time elapses, the call to the agent will be logged as a missed call in the call history. Once the ring time is over, the call will be routed to the next available agent based on the selected strategy.
The rest time of the agent after the processing of the call, before starting to accept new calls - the duration in seconds that is counted from the moment an agent finishes a call from the queue until they are ready to receive new calls. This period allows agents to update notes, complete necessary tasks, or take a short break before being assigned another call.
Queue settings for the caller
What the caller hears while waiting - During the wait for their call to be answered, the caller can hear either hold music or a ringing tone.
Background Music (MOH) - You can specify a unique audio file to be played to the caller during the wait, such as promotional materials.
Notify about current queue position - If all operators (queue agents) are occupied, enabling this toggle switch allows you to notify the caller about their position in the queue. If the Additional Audio Announcement option is activated, this announcement will supplement the information about the position.
Call routing in case of failures
The script #1 - In this scenario, you can configure the maximum allowable wait time for a client in the queue. If none of the queue agents can answer the client within the specified time, you can set a number to which the call will be redirected.
The script #2 - If there are no agents available in the queue (meaning no agents are currently logged into the phone system), you can specify a number to which the client's call will be transferred.
In these scenarios, as a redirection number, you can choose not only an internal extension but also options such as a conference, queue, IVR (Interactive Voice Response), or a special number within the dial plan application. These options provide flexibility in directing the call to different destinations based on your specific requirements or business needs.
The default call duration for the queue is set to 300 seconds (5 minutes). If you require a longer interval, you can specify a higher duration in Scenario 1 and provide a backup number to redirect the call to. This allows you to customize the wait time and ensure that if none of the queue agents can answer the call within the specified duration, it will be redirected to the designated backup number.
Connecting AWS S3 Storage
Instructions for connecting AWS S3 as cloud storage for automatic uploading of call recordings from MikoPBX
Creating a Bucket
Go to the AWS console (link). Navigate to "All services" -> "Storage" -> "S3".
"S3" section in AWS
Click "Create bucket".
Enter any name for the bucket (field "Bucket name"). Leave all other parameters as default and click "Create bucket".
Creating an IAM User and Access Keys
Go to "All services" -> "Security, Identity, & Compliance" -> "IAM".
Next, create a new IAM user. Go to the "Access Management" tab, then "Users". Click "Create user".
Enter the name of the IAM user in the "User name" field.
Click "Next".
Select "Attach policies directly" as the "Permissions options". Scroll down the page.
In the "Permissions policies" section click "Create policy".
In the newly opened tab, in the "Policy editor", select "JSON" as the format and paste the following content into the parameters field:
Replace "your-bucket-name" with the name of the bucket you created earlier (in this guide — "aws-s3-mikopbxstorage").
Click "Next".
Next, specify any name for the policy being created.
Click "Next".
Return to the user creation tab, refresh the policy list, and select the previously created policy (in this guide — "access-mikopbx").
Click "Next".
Confirm user creation: click "Create user".
Open the page of the created user by clicking on the username.
Go to the "Security credentials" section. Click "Create access key".
Enter a description for the key so that you can identify it later. Click "Create access key".
The Access key and Secret access key will be displayed. Save them — they will be needed later when configuring MikoPBX.
The secret access key can only be viewed or downloaded now. It cannot be recovered later.
Connecting to MikoPBX
Go to the "Maintenance" -> "Storage" tab.
Open the "S3 Cloud Storage" tab and fill in the following fields:
Automatic recording upload to cloud storage — enable the switch.
S3 endpoint URL — enter the S3 AWS endpoint depending on the region of your bucket ( to the table with all URLs). In this guide — https://s3.ap-southeast-1.amazonaws.com
S3 region — specify the region of your bucket. In this guide — ap-southeast-1
Configure the “Local storage period (S3 mode)” slider — choose how long recordings will be stored locally before being deleted after uploading to the cloud.
Shorter local storage periods free up disk space faster.
Click “Save”.
After saving the settings, click "Test connection". If the connection is successful, the message “S3 connection successful” will appear and synchronization of call recordings will begin.
Microsoft Outlook Setup (OAuth2)
Mail setup for the Outlook service (outlook.com; hotmail.com) via OAuth2 Authentication
Settings in Microsoft Entra
Application Registration
Sign in to the
Go to "Entra ID" -> "App registrations". Then click "New registration" to register a new application.
Select the following parameters for your application:
Name - enter a name for your application.
Supported account types - select "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)".
Specify the Redirect URL:
Select a platform — select "Web".
URL:
Replace 192.168.100.71 with your MikoPBX address.
Then click "Register".
The application will be created. Save the Client ID — you will need it in the future for configuration inside the MikoPBX web interface.
Granting Permissions and Creating a Client Secret
From the application's main page, go to "Manage" -> "API permissions".
Click "Add a permission".
In the "Microsoft Graph" section, select "Delegated Permissions". Enter "SMTP" in the search bar. Check the box next to "SMTP.Send".
Also enter "offline" in the search bar. Check the box next to "offline_access".
Click "Add permissions".
Next, go to "Certificates & secrets" -> "Client secrets". Click "New client secret".
Set the required parameters:
Description - an arbitrary description.
Expires - the duration for which you are issuing this client secret. It will be needed for application authentication in MikoPBX.
After expiration, the created client secret will stop functioning and you will need to repeat the process of creating a new key and connecting to MikoPBX.
After creation, the Client Secret value will be shown only once. Do not forget to copy it into the MikoPBX web interface.
Click "Add".
Copy the "Value" (not the Secret ID!). It will be needed for configuration in the MikoPBX web interface.
Granting Permissions to a User
For the application to work correctly, you need to grant permission to use the SMTP protocol for the user whose mailbox you are authorizing during this setup. To do this, follow these steps:
Go to the organization's admin center ().
Go to "Users" -> "Active Users". Click on the name of the user account under which the application is being created.
In the account, go to the "Mail" section and select "Manage email apps".
Make sure that "Authenticated SMTP" is allowed. Save the changes by clicking "Save changes".
Settings in MikoPBX
Go to the MikoPBX web interface. Then "System" -> "Mail and Notifications" -> "SMTP Settings".
Fill in all the required fields:
Sender address, Sender name — your email and the name from which the emails will be sent.
Authentication type — OAuth2.
SMTP login — your email.
Leave all other settings at their default values. A more detailed description can be found in the main article about mail parameters ().
After that, click "Save"!
Click "Connect via OAuth2". Sign in to your Microsoft account. Then confirm granting all requested permissions.
Upon successful authorization, you will see the corresponding window.
Running MikoPBX in a container
MikoPBX Installation Guide using Docker container
To work with MikoPBX in a container, you need to install Docker and Docker Compose, as well as create a user and directories for storing configuration settings and call recordings according to the instructions
To launch the container with your application, use the following commands:
Testing the functionality
To ensure that your MikoPBX application is posted and working in the Docker container, you can follow these steps after launching it. These steps will help you verify the container's status and view its logs.
Step 1: Check container status
First, ensure that the container is successfully launched and running. To do this, use the command docker ps, which will show a list of running containers and their statuses.
This command will display information about all active containers. Make sure that the mikopbx container is present in the list and its status indicates that it is running (e.g., status up).
Step 2: View container logs
After confirming that the container is running, the next step is to view the logs to ensure that the application has loaded without errors and is functioning properly. The docker logs command will allow you to see the output generated by your application.
Check the command output for a message similar to the one below. This message indicates that MikoPBX is successfully loaded and ready for use:
If you see the MikoPBX startup process, wait a moment and re-run the command sudo docker logs mikopbx
Step 3: Check access to the web Interface
When the container starts, it lacks information about the host system's address, so you need to open the external address of the host system, in this case, Ubuntu, in a web browser. https://<host machine IP>
Log into the web interface using the admin login and the admin password to make sure that the web interface is accessible and functioning correctly.
Features of containerized MikoPBX
The NET_ADMIN flag is required for the proactive protection system fail2ban and the firewall iptables to function inside the container. When an access block is triggered, for example, by entering an incorrect password, access from the IP address of the attacker will be blocked.
If you need to use the "", the container should be run with the –privileged flag. When MikoPBX is run in a container, backups can also be performed by manually archiving the cf and storage directories. In this case, the privileged mode is not necessary, but the container must be stopped during copying.
Creating a container from a tar archive
In addition to using our official registry, you might need to create a container from an image, for example, for a beta version. Our published releases and pre-releases include a tar archive, which we use to create a container.
Here is an example code for its use:
Environment variables for configuring MikoPBX
Below are some of the environment variables that will allow you to adjust the MikoPBX ports and settings used.
SSH_PORT - port for SSH (22)
WEB_PORT - port for the web interface via HTTP protocol (80)
WEB_HTTPS_PORT - port for the web interface via HTTPS protocol (443)
A full list of all possible setting parameters is available in the source code .
Outbound routing
Description and configuration of outgoing routing
Outgoing routes in MikoPBX are a set of rules and settings that determine how the system handles outgoing calls from employees to external numbers. With their help, administrators can control the direction of calls through different telephony providers or communication lines depending on certain conditions, such as the dialed number, prefixes, time of day or user access rights. This allows you to optimize communication costs, distribute the load between channels and apply security policies by restricting or allowing certain types of calls. Setting up outgoing routes provides flexibility and control over outgoing telephone communications, contributing to the efficient operation of the company's communication system.
In this article, you will find detailed documentation on setting up outgoing routing.
Random: A random available agent within the queue is selected to receive the call.
Round Robin: The call is distributed to each agent in a sequential manner, cycling through the list of agents.
Memory Hunt: The system remembers the last agent who answered a call and starts the distribution from that agent onwards.
Receive New Calls During A Call - this toggle switch enables or disables the ability to receive new calls while the agent is already on a call. When enabled, agents can handle multiple calls simultaneously.
Notify about estimated hold time - If all operators (queue agents) are occupied, enabling this toggle switch allows you to inform the caller about the approximate wait time for a call to be answered. If the Additional Audio Announcement option is activated, this announcement will supplement the information about the estimated wait time.
Additional notification - A sound message is played only if all participants in the queue are occupied.
Time in seconds to repeat all alerts periodically - Describes the interval at which to announce the queue position, wait time, and announcement.
"Call queue" section
"Add a new call queue" button
New call queue parameters
Queue agents section
Advanced settings button
Queue settings for the caller
Call routing in case of failures
Log
Provides the user with access to reading logs
Read only
Verbose
Provides the user with access to reading detailed logs
Read only
Agent
Reading agent status events from app_queue and chan_agent modules
Allows the user to perform actions to manage and retrieve the status of queues and agents
User
Access to user events as well as Jabber/XMPP user events
Allows the user to execute the UserEvent command to create custom events
Config
For recording only
Allows the user to receive, update, and overload configuration files
Command
For recording only
Allows the user to execute Asterisk CLI commands from AMI
DTMF
Allows the user to receive DTMF events
Read only
Reporting
Access to call quality events such as jitterbuffer or RTCP
Allows the user to perform a number of actions to obtain statistics and information about the status of the entire system
Cdr
Reading data write events in CDR
Read only
Dialplan
Reading events for setting dialplan variables, creating extents
Read only
Originate
For recording only
Allowing the user to execute the Originate command, which sends a request to create a new call
S3 bucket name — enter the name of the bucket created in AWS (for example aws-s3-mikopbxstorage in this guide)
Access key and Secret key — paste the values obtained when creating the service account access key.
The –net=host flag indicates that NAT between the host and container will not be used. MikoPBX will be directly connected to the host machine's network. All ports that the container needs to occupy will also be occupied on the host machine. If any port on the host machine is unavailable, errors will occur when loading MikoPBX. More details in the Docker documentation...
If necessary, you can adjust the standard set of ports used by MikoPBX. This can be done by declaring environment variables when launching the container.
SIP_PORT - port for connecting a SIP client (5060)
TLS_PORT - port for connecting a SIP client with encryption (5061)
RTP_PORT_FROM - beginning of the RTP port range, voice transmission (10000)
RTP_PORT_TO - end of the RTP port range, voice transmission (10800)
IAX_PORT - port for connecting IAX clients (4569)
AMI_PORT - AMI port (5038)
AJAM_PORT - AJAM port used for connecting the telephony panel for 1C (8088)
AJAM_PORT_TLS - AJAM port used for connecting the telephony panel for 1C (8089)
BEANSTALK_PORT - port for the Beanstalkd queue server (4229)
REDIS_PORT - port for the Redis server (6379)
GNATS_PORT - port for the gnatsd server (4223)
ID_WWW_USER - identifier for www-user (can be set with the expression
$(id -u www-user), where www-user is NOT a root user)
ID_WWW_GROUP - group identifier for www-user (can be set with the expression
$(id -g www-user), where www-user is NOT a root group)
WEB_ADMIN_LOGIN - login for Web interface access
WEB_ADMIN_PASSWORD - password for Web interface access
Additional examples of configuring outgoing routing are available in the FAQ section.
Step 1: Add a new rule
To add a new outgoing routing rule, click the "Add a new rule" button.
New rule in outbound routing
Step 2: Title and Note
The name of the rule can be set arbitrarily.
In a note, you can describe the call route that you want to implement; this can help you in debugging in the future.
Step 2: Title and Note
Step 3. Setting the number template
Set a template for outgoing calls. Read more about number templates in this articles group.
Step 3: Setting the number template
The example in the picture above means the following: if the dialed number starts with "345" or "375" and the rest of the number consists of 10 digits.
If the dialed number matches the rules of several routes, then the call will be made in the order of the route descriptions, one by one, until the call is answered, or until there are no more suitable routes.
Step 4: Number Conversion
Convert number - this setting is intended to remove the number prefix and replace it with the desired prefix.
Set a template for outgoing calls. Read more about number templates in the next paragraph.
Step 4: Number Conversaion
In the example given, digits are not cut off at the beginning of the number and digits are not added.
Step 5. Selecting a provider
Select from the list the provider for which you configured outgoing routing and save the changes.
Step 5: Selecting a provider
Examples
Examples of number templates
The number starts with
The rest of the number consists of the specified number of digits
Examples of numbers
[7-8]{1}
10
79257184255, 84952293042
7925
leave the field blank
Examples of changing number prefixes
Example 1. It is necessary to replace the number prefixes “+7” with “8”.
For example, the number +74952293042 should be converted to the number 84952293042.
The implementation of the rule looks like this:
+7 to 8
Example 2. It is necessary to replace the number prefixes “8”, “7” with “+7”.
For example, the numbers 84952293042 and 74952293042 should be converted to +74952293042.
The implementation of the rule looks like this:
7 and 8 to +7
Example 3: You need to add the prefix "8" to the number.
For example, the numbers 4952293042 and 4996382584 should be converted to 84952293042 and 84996382584 respectively.
The implementation of the rule looks like this:
Prefix 8
Example 4: You need to remove the area code "8495" or "7495" or "8499" or "7499" and leave the 7-digit number.
For example, the numbers 84952293042 and 74996382584 should be converted to 2293042 and 6382584 respectively.
The implementation of the rule looks like this:
Remove prefix
"Call routing" -> "Outbound routing" section
VirtualBOX
Installing MikoPBX as a guest machine in VirtualBOX
Use versions of MikoPBX below 2024.1.114 for installation on VirtualBOX
Version 2024.1.114 temporarily does not support installation on VirtualBOX
Create a virtual machine
Download Virtual Box from the and install it.
Create a new virtual machine.
Specify the Machine Name and Folder.
Type - Linux.
Version - Other Linux (64Bit).
Click Next.
Specify the size of the base memory - 1024 MB, as well as the number of processors - 2
Press Next.
Select Create a new virtual hard disk. Enter a disk size of 700 MB, and also check the box "Pre-allocate Full Size"
Click Create.
Confirm the creation of the virtual machine: click Finish.
Setting up a virtual machine
Go to the settings of the created virtual machine.
To do this, click "Settings" in the upper menu.
Click the "Storage" tab. Add a new hard drive to store call records.
In the window that appears, click Create.
Select the hard disk format - VDI (VirtualBox Disk Image).
Click Next.
The hard disk must be of a fixed size.
Check the box next to "Pre-allocate Full Size"
Click Next.
Specify the Name of the created disk.
Set the Disk Size to about 50 GB.
Click Finish.
Choose the newly created drive and click Select.
The created drive will appear in the media list.
Please mount the MikoPBX image onto an optical disc. To do this, select the optical disc in the 'Media' section and click on the image file selection button in the 'Attributes' section.
In the appeared menu, click on 'Choose a disk file...'
Select the downloaded ISO disk image.
"Go to the 'Network' tab.
Set the Connection Type to 'Bridged Adapter'. Click 'OK' to save all the settings you have made.
Installantion MikoPBX
Start the created virtual machine.
The command interface of the PBX will open. The PBX will start booting.
At this stage, MikoPBX is booting from the optical disc containing the ISO image. This is indicated by the message: 'The system is loaded in Recovery mode'.
You can navigate through the menu items using the .
To select a menu item, press the Enter key.
Alternatively, you can select a menu item by pressing the corresponding ."
Install MikoPBX.
All data on the disk where MikoPBX is being installed will be lost
Click Install.
Information about all available disks will be displayed (in this example: sdb, sdc).
The disk where MikoPBX will be installed is referred to as the system disk (SYSTEM). You can choose a disk with a size larger than 500MB as the system disk.
Enter the name of the disk you referred to as the 'system disk' from the keyboard, in this case sdb, and press Enter. (If it is selected by default, you can simply press Enter).
The system will prompt for confirmation. Enter 'y' and press Enter.
After completing the installation, you will be prompted to select a disk for storing call records.
Approximately, 1 hour of conversation takes up 14MB of disk space.
Enter the disk name (in this example, the only available disk is 'cdc') and press Enter.
After the installation is complete, the system will reboot.
MikoPBX will now run from the sdb drive where you installed it.
We will see that the line "The system is loaded in Recovery mode" is missing.
The first login to MikoPBX
To access the control panel, you need to enter the IP address of your virtual machine in the browser's address bar.
Default creditionals for the first login are:
Username - admin
Password - admin
System will ask to change them after the first login. It is important for the security of your MikoPBX.
The installation of MikoPBX using VirtualBOX is now complete.
Alibaba Cloud
Installing MikoPBX using the Alibaba Cloud platform
This guide applies to MikoPBX version 2024.2.135 and later!
This step-by-step guide will walk you through installing MikoPBX on the Alibaba Cloud platform.
Save recordings in stereo changes the recording mode from mono to stereo. The recording stream will be split into incoming and outgoing channels and merged into a stereo file.
There is a slider that allows you to choose how long call recordings will be stored.
You can also select an audio file for call recording notifications.
Phone calls are saved in mp3 format. Here is an example of the final call recording file information:
Approximately, 1 hour of conversation takes up 14MB of disk space.
Call Transfers
Call Park Number
Call parking is a variant of "holding" a customer on the line. It is useful when you need to temporarily disconnect to clarify information. During parking, the customer will hear music.
MikoPBX supports two methods of parking customer calls:
To park a customer call, enter *2. The customer's call will be put on hold by MikoPBX, and you will be informed of the parked call slot number. Any employee can pick up the call by dialing the parked call slot number from their phone.
In the Call Transfers section, assign a Car Park Number. When the customer's call is transferred to the parking number, MikoPBX will park the call, and you will be informed of the parked call slot number. Any employee can pick up the call by dialing the parked call slot number.
You can set the range of parked call slot numbers in the Call Transfers section: Start Parking Slot and End Parking Slot.
Call Transfers
MikoPBX offers two types of transfers: Attended and Unattended (blind).
With an attended transfer, you can speak to the person before transferring the call. The caller will be on hold during this time. Once the person handling the transfer hangs up, the transfer is completed successfully.
An unattended transfer occurs when you transfer the call without first speaking to your colleague. For example, when you receive a second incoming call while already on the phone, you can transfer the new call to a colleague without interrupting your current call.
By default, the combination for an attended transfer is two pound signs (##).
By default, the combination for an unattended transfer is two asterisks (**).
Timeouts
The return time for a call if there is no answer after an unattended (blind) transfer is 45 seconds.
Call Pickup
If your colleague's phone is ringing, you can intercept the call by dialing *8.
If you don't know your colleague's number, simply dial *8.
SIP
Session Initiation Protocol (SIP) is the signaling protocol used by most VoIP phones. You can change the SIP port (default is port 5060) to enhance security. Additionally, some SIP providers require additional parameters, such as Registration Periods (the time before the registration expires). Some firewalls close ports after a period of inactivity, which may require shortening the SIP provider's registration timeout. Another reason might be the need for different registration timeouts for certain SIP providers. The default values are:
SIPMiniExpiry - minimum registration duration in seconds, default is 60 seconds.
SIPMaxExpiry - maximum registration duration in seconds, default is 3600 seconds.
In real-time, the Transport Protocol (RTP) defines the standard format for transmitting audio and video over IP networks. By default, RTP uses port ranges between 10000 and 10200. Some routers and firewalls may require the port range to be adjusted. Another reason to adjust the port range is the number of simultaneous calls. Each call uses two RTP ports. This means if there are 200 ports, only 100 simultaneous calls are possible. If your phone system needs to handle more calls at once, you should expand the port range.
STUN Server Address - helps with PBX operation behind NAT, especially when using WebRTC.
Use WebRTC - additional settings will be configured for WebRTC connections. For example, for extension 201, an additional endpoint will be created, accessible via WebRTC using the URL
sip:201-WS@IP_PBX
Audio/Video Codecs
Configuration of allowed codecs for the PBX.
AMI & AJAM
Asterisk Manager Interface (AMI) is a powerful and convenient API for Asterisk, allowing external programs to control the system. AMI allows external programs to connect to Asterisk via the TCP protocol, execute commands, read results, and receive notifications of real-time events. AMI is often used for integration with business processes and CRM (Customer Relationship Management) systems. AMI listens for connections on a network port (default TCP port 5038). Once a client program connects and authenticates, Asterisk responds to requests and sends notifications about changes in subsystem states.
Asynchronous Javascript Asterisk Manager (AJAM) is a new technology that allows web browsers or other HTTP-capable applications to directly interact with the Asterisk Manager (AMI) interface via HTTP/HTTPS. By default, port 8088 is used.
SSH
SSH or Secure Shell is an encrypted protocol commonly used for interacting with and remotely managing servers. The SSH server can authenticate users using various algorithms. The most popular method is password authentication. It's simple but not very secure. Passwords are transmitted over a secure channel, but they may not be strong enough to resist brute-force attempts. The computing power of modern systems, combined with special scripts, makes brute-forcing very easy.
Default SSH client authorization in MikoPBX:
Login - root
Password - admin (we recommend changing this immediately)
A more secure and reliable authentication method is SSH keys. Each key pair consists of a public and private key. The private key is stored on the client side and should not be accessible to anyone else. If the private key is leaked, the attacker will be able to log in to the server unless additional password authentication is set up.
We highly recommend disabling password authentication. To do this, enable the "Disable password authorization" option.
The public key is used to encrypt messages, which can only be decrypted with the private key. This property is used for authentication with key pairs. The public key is uploaded to the remote server where access is needed. It should be added to the special file ~/.ssh/authorized_keys.
When the client tries to authenticate with this key, the server sends a message encrypted with the public key. If the client can decrypt it and return the correct response, authentication is successful.
How to create an SSH key for authorization and add it to the server? Read more .
You can save the public SSH key on the PBX in the SSH Authorized Keys field. If you have multiple public keys, you can paste them one after the other, separated by a blank line.
Web Interface
In this subsection, you can increase security by changing the HTTP port (default is port 80) or activating HTTPS mode.
HTTPS (HyperText Transfer Protocol Secure) is an extension of HTTP that supports encryption for enhanced security. HTTPS data is transmitted over cryptographic protocols such as SSL or TLS. Unlike HTTP, which uses TCP port 80, HTTPS uses TCP port 443 by default.
Redirect to HTTPS - when attempting to open the web interface via HTTP, the user will be redirected to HTTPS.
When the system starts, the PBX generates its own certificate for HTTPS operation - this is a "self-signed" certificate, not verified by a public "registrar," but it still allows HTTPS operation and encrypts traffic between the PBX and the browser. You can use module.
Web Interface Password
In this subsection, you need to change the WEB interface Login and Password.
Default MikoPBX authorization:
Login - admin
Password - admin
Delete all system settings
System files customisation
Description of the capabilities of the "System file customization" section
The system file customization section can be found under "System" -> "System file customization":
System file customization section
This section allows for customization of system and Asterisk configuration files. We recommend using this section only for experienced Asterisk administrators. MikoPBX provides the ability to modify the following configuration files via the web interface:
File Name
Description
asterisk.conf
To edit a configuration file, use the button:
You will be presented with the configuration file editing form:
"Add to end of file" - appends content to the end of the selected configuration file (recommended).
"To replace all" - your changes will completely overwrite the configuration file.
Customizing System Files with Scripts
In some cases, more complex modifications to system files are required than simply adding text to the end of a configuration file. For instance, you may need to redistribute PJSIP account parameters while retaining the ability to configure the system through the web interface.
We've introduced a new approach to customization, where you can describe a Bash script that will execute each time the system generates a configuration file. This way, integrators can make precise changes to configuration files without developing additional modules.
For example, you can modify the pjsip.conf file and change the max_contacts parameter for all internal numbers, except one.
sip.conf
You can add parameters to an existing section using the (+) syntax:
extensions.conf
Modify the dialplan with caution – there is a high chance of disrupting the PBX!
It is possible to intercept the execution of the dialplan by defining custom contexts. Currently, you can intercept executions in the following contexts:
internal-originate-custom - used for calls originating from the telephony panel for 1C.
<PROVIDER-ID>-incoming-custom - used for handling incoming calls from the provider.
<PROVIDER-ID>-outgoing-custom - used for handling outgoing calls via the provider.
Example context:
Make sure to call the method "return" at the end.
Some examples of using custom contexts:
Configuring outbound AOH for an employee
Transfer using scheduled backup (SFTP)
A method to transfer MikoPBX to another host using scheduled backup via SFTP
The second method involves setting up automatic scheduled backups, saving the data directly onto the target server via SFTP. This approach is particularly convenient for transferring larger amounts of data, as it eliminates the need for intermediate storage of the backup.
Configuring Scheduled Backup
First, you need to configure scheduled backups for the MikoPBX you want to transfer data from.
Go to the "Backup" module. Navigate to the "Backup Schedule" tab:
Next, set the scheduled backup parameters:
Server Address: Enter the address of your new MikoPBX server.
Mode: SFTP mode
Port: 22
For information on SSH connection, refer to the related documentation. To start the backup immediately after saving the settings, choose the option "Start backup immediately after saving settings". You can also select the specific data you want to transfer in the corresponding section.
Wait for the backup to complete, and then shut down the old machine.
Restoring from the Backup on the New Host
If the data transfer is successful, your backup will appear in the backup module section on the new host:
To restore from the backup on your new host, do the following:
Go to the backup settings by clicking on the respective element:
Select the data you need to transfer and click "Restore from a backup":
Telephony providers
Connecting and configuring telephony providers in MikoPBX
General Information
"Telephony Providers" in MikoPBX is a section of the system where connections to external telecom operators via Internet protocols for IP telephony are configured. Here, administrators can add and configure SIP trunk accounts or other types of connections that allow the system to make and receive calls from landline and mobile numbers.
To make or receive external phone calls via the public switched telephone network or the Internet, you must create at least one provider account. Each technology has its own account type. To add a new account or change an existing one, go to "Call Routing" -> "Telephony Providers":
Reset to factory settings
Method 1
Go to "General Settings" -> "Delete all system settings"
Quick start
This guide provides detailed steps to get started with MikoPBX and helps you quickly configure the system.
Follow the step-by-step instructions in the order presented for a quick and successful system setup.
Installing MikoPBX
MikoPBX is a full-fledged operating system for your hardware; it is not a standalone application. It is provided as an image file (*.iso, *.img, *.raw).
It supports various installation methods:
sudo docker ps
sudo docker logs mikopbx
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| All services are fully loaded welcome |
| MikoPBX 2024.1.60. |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| Web Interface Access |
| |
| Local Network Address: |
| https://10.0.0.4 |
| |
| Web credentials: |
| Login: admin |
| Password: admin |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| SSH access disabled! |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Create a container from a tar archive
sudo docker import \
--change 'ENTRYPOINT ["/bin/sh", "/sbin/docker-entrypoint"]' \
mikopbx-2024.1.114-x86_64.tar \
"mikopbx:2024.1.114"
# Launch the created container
sudo docker run --cap-add=NET_ADMIN --net=host --name mikopbx --hostname mikopbx \
-v mikopbx_cf:/cf \
-v mikopbx_storage:/storage \
-e SSH_PORT=23 \
-e ID_WWW_USER="$(id -u www-user)" \
-e ID_WWW_GROUP="$(id -g www-user)" \
-it mikopbx:2024.1.114
Username: The SSH username for your new MikoPBX server.
Password: The SSH password for your new MikoPBX server.
The path on the server: "/storage/usbdisk1/mikopbx/backup/"
"Backup schedule" button
Parameters of backup
Backup copy
Way to recovery settings from a copy
"Restore from a backup"
79257184255, 7925, 7925718…
7ХХ
0
700, 701, 702…
74952293042
0
74952293042
74(95|99)
7
74952293042, 74996382584…
(7|8)0{1}
1
700, 701, 802, 803…
(25|26)
0
25, 26
[0-9]{1}
0
digit from 0 to 9, occurrence once
[1-5]{2}
0
12, 15, 14, 25 digit from 1 to 5, occurrence twice
[8-9]+
0
8899, 888, 988888 digit from 8 to 9, occurrence one or more times
"Script" mode in MikoPBX system file customization allows administrators to add custom scripts or commands directly into the configuration files. This mode is ideal for advanced users who need to execute specific actions, automate tasks, or modify system behavior dynamically, enhancing the flexibility of the PBX configuration. It should be used with caution to avoid system disruptions.
all_peers-custom - used for direct outgoing calls from a phone.
outgoing-custom - used when dialing an external number, before selecting an outbound route.
add-trim-prefix-clid-custom - used for handling incoming calls, best suited for normalizing incoming phone numbers by adding/removing a prefix.
internal-users-custom - used for handling calls to internal extensions.
public-direct-dial-custom - used for handling incoming calls without authentication.
General (global) settings of Asterisk.
In the asterisk.conf configuration file, you define the following:
- The location, permissions, and owner of the socket used to connect the remote management console to the server.
The location of various directories used by the Asterisk server to determine where configuration files, libraries, scripts, and logs will be created.
Default command-line parameters for starting the server.
cel.conf
Channel Event Logging. Unlike CDR, it logs all events that occur in the channel.
extensions.conf
The Asterisk dialplan. It defines how incoming and outgoing calls are handled and routed. This file controls the behavior of all connections passing through your PBX.
features.conf
The file defines custom codes and options for Asterisk functions like call transfer, call pickup, on-demand recording, digit timeout, call parking, etc.
http.conf
Built-in Asterisk HTTP server configuration.
iax.conf
Describes your IAX protocol connections.
indications.conf
Nationalization of tonal signals.
logger.conf
Asterisk logging configuration. This file configures logging of Asterisk events to files, console, and Linux syslog. To apply settings, run the command "logger reload" in the Asterisk console (CLI).
manager.conf
AMI (Asterisk Manager Interface) configuration.
modules.conf
Asterisk module loading parameters.
musiconhold.conf
Music-on-hold settings in IVR.
queues.conf
Asterisk queue settings. Detailed description of call strategies, penalty, timeout, member, and other available parameters.
rtp.conf
Global RTP settings – media ports and protocol.
sip.conf
Configures internal and external SIP channels in Asterisk.
[user2_pingtel]
type=friend
username=user2_pingtel
secret=blah
host=dynamic
qualify=1000 ; Consider the client unreachable if response time exceeds 1 sec.
callgroup=1,3-4 ; The client is a member of call groups: 1, 3, and 4.
pickupgroup=1,3-4 ; We can "pick up" calls using *8 for calls in groups 1, 3, and 4.
defaultip=192.168.0.60
disallow=all
allow=ulaw
allow=alaw
allow=g729
The provider overview contains a list of all available service providers. A green icon next to the provider's name indicates that MikoPBX has registered this provider, and you can start using this provider. You can enable or disable the use of the provider using the switch on the left.
Switching provider status
To connect a new provider account, click Connect SIP or Connect IAX depending on the type of account you are connecting.
Different types of connection
Setting up SIP Provider
General Settings
Instructions for connecting to the most popular service providers can be found in our FAQ.
General settings of provider
In the general settings of the SIP provider, specify the following settings:
Provider Name - an arbitrary name that is convenient for you. It will be displayed in the selection lists in the corresponding menus.
Account Type - the type of registration for the provider account.
Provider host URL or IP Address - can be either a URL or an IP address.
Username and Password provided by your provider.
DTMF Mode - determines how DTMF signals are transmitted over SIP. There are different standards used to transmit DTMF to SIP providers. Try using different standards to find the mode that suits you.
inband sends keypresses as "tones." To use this standard, you need a high-quality audio codec.
Auto, rfc, and info transmit keypresses through SIP encoding.
Advanced SIP Provider Settings
Advanced Settings
Additional provider hosts or ip
In this section, list all communication service provider addresses from which incoming calls can arrive. Access to these addresses for SIP and RTP ports will be automatically opened on the firewall.
Additional provider hosts or ip
SIP Connection Port
By default, it is set to 5060. The SIP protocol describes how a client application (e.g., a softphone) can request the initiation of a connection from another, possibly physically remote client in the same network using its unique name. The protocol defines how clients agree on opening exchange channels based on other protocols that can be used for direct information transmission (e.g., RTP).
SIP Connection Port
Transport Protocol
Allows you to specify the transport protocol used for this provider account.
Transport Protocol
Outbound Proxy
This is the provider's SIP proxy server for processing requests. The actual SIP server may differ from this address. The outbound proxy takes on primary requests and forwards them to the appropriate server.
Outbound proxy
Support NAT Session
When this option is enabled, Asterisk will send SIP OPTIONS packets. This is necessary to support NAT tunneling on your router.
Specify the frequency with which Asterisk will send OPTIONS-type SIP messages to check if this device is working and available for making calls.
If this device does not respond within the specified period (default is 60 seconds), Asterisk considers it turned off and unavailable for making calls.
Support NAT Session
Redefining SIP Header "From"
You can disable the use of the fromuser field of the SIP packet header.
Redefining SIP Header "From"
The fromuser and fromdomain parameters in the pjsip.conf file are used for outgoing calls from Asterisk to the SIP device.
You can override:
the username in the From field in SIP packets (fromuser).
the domain name in the From field in SIP packets (fromdomain).
The fields User and Domain serve this purpose.
User and Domain fields
Additional Parameters
In this field, you can modify Asterisk configuration files.
You can override almost all parameters. For example, when using chan_pjsip, the provider is described with the following sections:
To override fields in sections, fill in the Additional Parameters field as follows:
To complete the configuration, click Save Settings.
Save settings
Multiple Providers on One IP (Host)
There are cases when you need to connect multiple accounts from one communication service provider. In this case, the settings Host or IP Address and SIP Connection Port may be the same for all accounts.
Asterisk handles this situation differently. The PBX will not be able to correctly route the call to the desired provider, and the call will be dropped.
As a solution, in older versions of the PBX, you could describe additional inbound routes for which you would fill in the Additional Number (DID) field with the Username value for each account of the provider. This required creating N number of additional routes, equal to the number of provider accounts.
The Username field, in most cases, will be used as the destination number Additional Number (DID) for incoming calls. Considering that outgoing routes for all Usernames will be configured, the call will be correctly processed by the PBX.
More about Registration Types
1. Outgoing Registration
This option is used when connecting most providers.
Registration is necessary when the provider cannot know from which IP address the client will connect. For example, when the PBX is behind NAT. The provider's server is usually on a public IP address.
2. Incoming Registration
This option is relevant for the operation of some FXO / GSM gateways when an external device must connect to your PBX using a login and password.
This option is also relevant when the remote device is behind NAT, and MikoPBX cannot know its IP address.
3. IP Authentication, No Password
Relevant for secure private networks. For example, Rostelecom often lays its network cable and connects the client to its local network.
In this case, the PBX and the provider must be in the same network.
In the input field, paste the text "delete everything", click "Save settings"
Method 2
Open the MikoPBX console menu. Use the keyboard to enter 9 to go to the PBX console.
Enter two commands sequentially:
After executing these commands, MikoPBX will reboot. The login to the web interface takes place with the login (admin) and password (admin) by default.
Follow the link for your preferred installation method and proceed according to the provided instructions.
First Login to the Web Interface
After installation, you need to access the MikoPBX web interface for further system configuration. To do this, find the PBX's IP address in the MikoPBX console:
Example of MikoPBX Console
In this example, the IP address is 192.168.0.203. To access the web interface, enter this IP address into your browser's address bar:
MikoPBX login window
If the logs do not provide a username and password, use the default credentials:
Username: admin
Password: admin
After the first login, the system will prompt you to change your password.
Settings Within the Web Interface:
Network and Firewall Settings
For stable PBX operation, you need to configure the network through the Network and Firewall → Network Interface section. Detailed instructions for these settings can be found here.
In MikoPBX, all local subnets can be defined in the Network and Firewall → Firewall section. The firewall is intended to restrict access to the PBX based on traffic type and subnets. Follow the setup instructions here.
Configuring Protection Against Hacking (Fail2Ban)
Fail2Ban blocks IP addresses exhibiting unusual activity; it can reduce the rate of failed authentication attempts and helps protect your PBX from hacking. Instructions to help with the setup can be found here.
Adding and Configuring Employee Accounts
After completing the initial PBX setup, you can proceed to create accounts for your employees. This instruction will assist you.
Connecting Providers
After adding employees, you need to connect providers to your PBX. Instructions for this section can be found here. Instructions with examples of configuring real providers can be found here.
Setting Up Incoming and Outgoing Routing
At this stage, you need to set routing rules for incoming and outgoing calls: how calls passing through a specific provider will be handled:
The Marketplace allows you to extend the system's standard functionality using modules:
You can read more about Modules in MikoPBX in this article.
Information on registering in the MikoPBX Marketplace can be found here.
This completes the basic setup of MikoPBX! For a deeper exploration of MikoPBX's capabilities, we recommend referring to the comprehensive documentation.
List of MikoPBX images option. You need .iso image!
"Network" tab
Button for starting the created VM
Installation process
Installation process
Installation process
Installation process
Installation process
MikoPBX Console Page
IP address of your MikoPBX
Web-interface of MikoPBX
Incoming routing
Description and configuration of incoming routing
In this section, you need to create rules and templates for distributing incoming calls for providers created in MikoPBX. The rules for incoming calls describe the route of a call from the moment it arrives at the PBX to the moment it is completed. You can create an unlimited number of inbound routing rules. You can create several rules for one provider.
Additional examples of configuring incoming routing are available in the section.
[REG-AUTH-***]
type = auth
; ----
[REG-***]
type = registration
transport = transport-udp
; ----
[***-OUT]
type = auth
; ----
[***]
type = aor
max_contacts = 1
; ----
[***]
type = identify
; ----
[***]
type = endpoint
context = incoming
; ----
[registration-auth]
; Describe authentication parameters for [REG-AUTH-***]
[registration]
; Describe registration parameters on the remote server [REG-***]
[endpoint-auth]
; Describe authentication parameters for outgoing calls through the provider
[identify]
; This section is responsible for matching registration and endpoint. When an incoming call arrives,
; an identity parameter check will be carried out according to the INVITE.
[aor]
; Edit the AOR section for the endpoint
[endpoint]
; Edit endpoint parameters
Rules are listed in order of priority. If no one answers the incoming call within the time interval specified in the rule, the call will be routed to the next priority rule. Rules can be moved up and down in the list, that is, their priority can be changed by dragging them by the arrows.
Priority Scheme
If the call is not answered according to any of the rules, the Default incoming route is used.
Default incoming route
The following actions are available and can be specified as the default rule:
Play busy signal - the client will play a busy signal and the incoming call will be ended;
Hang up;
Redirect the call - the call can be transferred to a number that you can select in the field located to the right of the action. You can select an IVR menu, call queue, conference, or employee extension number as the number for transfer.
Multiple routes for one provider
For one provider, you can describe several incoming routes.
First, the call goes along the upper route. If the client does not get through, then the call goes according to the lower rule (lower priority). If the client does not get through via the second route, then the call goes through the default route.
Several incoming routes for one provider
Create a routing rule
To add a new incoming routing rule, click the Add a new rule button.
New Rule
In the Note field, describe the route you want to implement. In the future, this will help you debug the call circuit.
Select the Provider for which you are creating a new incoming call distribution template.
The additional DID number is the number the client called you on. This field is optional and should be completed if you need to route calls more accurately.
Parameters for a new rule
At the next step, you need to indicate to which phone number the incoming call from the client will be sent. The telephone number can be IVR menu numbers, call queues, conferences, or employee internal numbers.
Parameters for a new rule
Specify the time during which the call will be sent to the phone number you specified.
Parameters for a new rule
If after the specified time interval no one answers the incoming call, the call will be routed to the next priority rule.
Here is an example of a docker-compose.yml file that can be used to manage your MikoPBX container via Docker Compose:
Save the contents into a file named docker-compose.yml, make the necessary adjustments, and launch MikoPBX using the command:
Running Multiple MikoPBX Instances on One Host
Mode Without Network Isolation Between Host and Containers (–net=host)
It is also possible to organize the launch of multiple MikoPBX containers on a single host. However, you need to consider Docker's port handling features. If the –net=host mode is not used, it will lead to a high load on the host system's CPU because Docker creates a separate rule in Iptables for each allocated port.
With the –net=host mode enabled, you need to manually monitor the distribution of available ports between the running containers and built-in applications. For instance, to run two MikoPBX containers on one host, you can use the following configuration file:
Save the contents into a file named docker-compose.yml, make the necessary adjustments, and launch MikoPBX using the command:
Network Bridge Mode (–net=bridge)
There is an option to launch MikoPBX containers in the –net=bridge mode. However, as mentioned above, to use this mode you either need to significantly limit the range of RTP ports or open them on the host machine without using Docker's capabilities.
For this, you will need to write a small script to determine the name of the current bridge interface and the IP address of each container. After running Docker Compose, you will then need to add the necessary iptables rules for the RTP port range as follows:
Let's describe several containers in the docker-compose.yaml file, specify different ports for the web interface, SIP ports, and ranges of RTP ports to ensure they do not overlap.
Creating a directory for scripts
Save the start-multiple-mikopbx.sh and docker-compose.yaml files into this folder.
Install the necessary dependencies for the script.
Navigate to our folder, add execution rights and launch our script.
While waiting for the containers to start, check the firewall settings on the host, and if necessary, open the ports specified in our docker-compose.yaml file, specifically:
TCP/UDP ports 5060 and 6060 for SIP
UDP ranges 10000-10800 and 20000-20800 for RTP voice transmission
TCP ports 8443 and 9443 for HTTPS protocol, for web interface operation.
Access each station in turn at the addresses:
https://<host machine IP>:8443
https://<host machine IP>:9443
To access the web interface of the first MikoPBX, use the login admin and the password mikopbx-first-password
To access the web interface of the second MikoPBX, use the login admin and the password mikopbx-second-password
Each machine should have NAT mode enabled, indicating that the container is behind a router in the network interface settings. If the stations will be used within a local network, then in the external IP field, enter the local IP address of the host machine, otherwise its public IP address.
Important note!
One of our containers uses port forwarding from SIP port changing its value from 5060 to 6060.
In this case, for the system to function correctly, you need to add the external value of the SIP port in the NAT settings in the network interfaces section of MikoPBX.
This setting can also be made by setting the corresponding value of the environment variable EXTERNAL_SIP_PORT=6060 in the docker-compose file.
With that, the setup is complete, and you can configure accounts and make calls.
Environment variables for configuring MikoPBX
Below are some of the environment variables that will allow you to adjust the MikoPBX ports and settings used.
SSH_PORT - port for SSH (22)
WEB_PORT - port for the web interface via HTTP protocol (80)
WEB_HTTPS_PORT - port for the web interface via HTTPS protocol (443)
A full list of all possible setting parameters is available in the source code .
Application dialplans
Creating and Configuring Dialplan Applications
Dialplan applications are programmable voice applications in PHP and Asterisk Dialplan. MikoPBX comes with several pre-configured applications. With some basic knowledge of Asterisk dialplans, additional applications can be easily created. Like a phone account, applications can have an extension assigned in the settings.
MikoPBX comes with several pre-configured applications. With some basic knowledge of Asterisk dialplan, you can easily create additional applications. Like a phone extension, applications can have an internal number assigned in the settings.
Below you will see a description of the basic applications included in MikoPBX:
List of basic Application dialplans
Application Number
Application Description
Creating applications
MikoPBX applications are created from several plans of the Asterisk application suite. There are many examples of ready-to-run applications in the system. To add a new MikoPBX application, click on "Add a New" in the application menu.
In just a few steps, you can create your own applications. First, define the Name and Call Number for the application, and optionally fill in the Comment field.
Possible application code types:
PHP-AGI script - AGI is an embedded method in Asterisk for executing external scripts (similar to CGI for HTTP servers), which can extend Asterisk's functionality using other programming languages, particularly PHP. AGI scripts can control call handling in the dialplan and are invoked from the extensions.conf file.
Asterisk Dialplan - The configuration of the dialplan is contained in the Asterisk configuration file called extensions.conf. This is one of the most important configuration files where the processing and routing of incoming and outgoing calls are defined. This file governs the behavior of all connections passing through your PBX (Private Branch Exchange).
Let's clarify: we will refer to MikoPBX applications as "applications" and Asterisk dialplan functions as "functions". For example, Answer(), NoOP(), Set(), and Wait() are functions. These are individual target functions in Asterisk that are then combined in MikoPBX to create more powerful MikoPBX applications.
Describe the logical operations in the text field of the Programme Code. Please note that only one command is allowed per line, for example:
The figure shows an example of the simplest application for the number 000063. After dialing the number, you will hear the robot voice your internal number.
MikoPBX will check the commands used. It is possible that incorrectly programmed operations may affect the performance of your telephone system.
Description of Asterisk functions that you can use in your applications:
Наименование команды
Описание
Google Cloud Marketplace
MikoPBX Installation Guide using Google Cloud Marketplace
For quick and easy search on the Google Cloud platform, use the search bar
Adding roles to a Service account
If you have a service account, check if it has the necessary roles, and add them if needed
If you do not have a service account, create one and add the necessary roles
Open the Navigation menu / Products & solutions / Management / IAM & Admin
Go to the Service accounts tab and click on CREATE SERVICE ACCOUNT
Enter a name for the service account, for example mikopbx-service-account
Add the roles Cloud Infrastructure Manager Agent, Compute Admin, Compute Network Admin, Service Account User
Click the DONE button
Creating a virtual machine
Open the Marketplace and enter MikoPBX in the search bar
Select the image
On the opened tab select LAUNCH
In the Deployment name field, enter a name, for example mikopbx-vm
In the Deployment Service Account section, check the Existing account option and select the previously created service account
To deploy the PBX, use two disks:
A 1 GB disk for the main system
A 50+ GB disk for storing call recordings
If necessary, change the size of the data storage disk in the Data Storage section. By default, its size is 50 GB
Under Networking, all required Firewall rules are configured automatically
For other fields, use the default values
After entering the values, click the DEPLOY button
Starting MikoPBX
Open the Compute Engine tab and go to the Virtual machines / VM Instance section
Go to the created virtual machine mikopbx-vm-mikopbx-vm
On the opened tab, go to Logs / Serial port 1 (console)
Copy the external address of the created virtual machine and enter it in the browser address bar
Use the login and password provided in Serial port 1 (console) to log in
Registration in the modules marketplace
Description of the registration process
General Information
Registering in the MikoPBX Module Marketplace is not required for the system’s basic functionality. You can fully utilize MikoPBX for handling calls without registration or installing additional modules. However, we recommend registering in the marketplace to expand your system’s capabilities.
Registration gives you access to additional modules and extensions.
These include both free modules (moved out of the core system for easier initial setup) and paid modules from us and third-party developers.
If you are a developer, you can contact us at [email protected] to get instructions on creating and adding your module to the Marketplace.
MikoPBX is a free solution and does not require registration.
The absence of a license does not impact call functionality. You can register or cancel your Marketplace registration anytime.
To begin the registration process, navigate to "Modules" -> "Marketplace of modules":
If you are not registered in the Marketplace, the section will look as follows:
Registration Process
If you move MikoPBX to another host or restore it from a backup, you will need to reset license bindings in the .
One license key is issued per company. If your company uses multiple MikoPBX instances, a single registration is sufficient.
To start the registration process, click the Register in Marketplace button:
The license key stores all your licenses for MikoPBX products. If you already have a key, you can enter it in the corresponding field. If you've forgotten your key, search your email inbox for messages from [email protected]
If you don’t have a key, you can generate a new one by completing the registration form:
Organization Name – Enter your company/organization name.
Contact Email – Enter your organization’s email address.
Contact Person – Enter the name of the contact person.
Click Register.
Upon successful registration, you will see the following screen:
A notification confirming the system's registration.
The license key field will display a blurred value by default. Hover over it to view or copy the key.
License Management
To manage your license, go to Marketplace -> License Management and click the corresponding option:
You will be redirected to the :
Enter your license key in the Enter your license key or activated coupon field and click Login:
You will access a system with nine sections:
Go to the Session monitor section:
In the Info column, click the i button for each binding to view detailed host information.
In the Action column, use the Drop button to unbind the license from the current host.
Potential Issues
Registration Issues
If you encounter issues during registration, check for internet access to the MikoPBX server. Ensure connectivity to lic.miko.ru and lic.mikopbx.com over port 443 (HTTPS). Verify firewall settings and network permissions.
Strikethrough Key Icon
MikoPBX periodically connects to licensing servers to verify installed modules. If a module license becomes unavailable, the module will be disabled, and a strikethrough key icon will appear next to its name.
IVR Menu
Creating and configuring IVR menu in MikoPBX
An IVR menu includes options for routing incoming calls using an interactive voice menu. It allows callers to navigate through a series of menu prompts using their telephone keypad or voice input. The IVR menu typically provides various choices or options for callers to select based on their needs or preferences. Each option in the menu can be associated with a specific action or routing destination, such as transferring the call to a particular department, providing self-service options, or connecting the caller to a specific extension or queue. The IVR menu enhances the caller's experience by offering a self-service mechanism and streamlining call routing based on their selections.
Pre-configuration
Before creating an IVR menu, it is necessary to upload audio files that will be played to callers when they contact your company. The audio files can be added in the "Telephony" -> "Sound files"
Choose your music file using "Upload a new file"
Additionally, there is the option to record a file using a microphone if you connect to the MikoPBX over HTTPS.
Creating an IVR menu
Go to "Telephony" → "IVR menu" section.
Click "Add new IVR nenu."
Set the name, number, and, if necessary, a comment for the IVR menu. Select the audio file that you uploaded in the previous step.
Configure Actions when you extend. In the first column, specify the extension number, and in the second column, set the addressing rule.
Set the number of retries before transferring to the default number.
Set the timeout for entering an extension number (value in seconds) after which the voice greeting will be repeated.
The Default extension is required in case the client does not enter an extension number (for example, due to technical limitations).
Enable the "Allow Dialing of any extension" toggle switch if needed.
Enter the IVR menu number that can be dialed to reach that specific IVR menu.
Press "Save settings."
How IVR works
The principle of operation of an IVR (Interactive Voice Response) is as follows:
When calling the IVR menu number, the Voice Greeting audio file starts playing.
During the playback of the voice menu, the caller can enter an extension number. The "Allow Dialing Any Internal Number" flag determines if callers can dial any internal number, including queues, IVRs, or internal extensions.
After the voice menu is played, there is a waiting period of the "Input Extension Timeout" for entering an extension number.
SSH Conenction (SSH Client - Putty)
This tutorial will describe how to connect via SSH using Putty
Download the program to connect via SSH. This can be done on the official website at the link
Run the downloaded program. The main menu will open for you.
Go to the "Connection" - "Data" section
"Auto-login username" specify root
"Terminal-tipe string" specify xterm-256color
Go to the "Translation" section
«Remote character set» - specify UTF-8
Set the flag «Enable VT100 line drawing even in UTF-8 mode»
Go to the section "Session" - "Logging". Here you can configure saving the output to a file:
Go to the "Session" section
Required data:
Host Name (or IP address) — IP address of the PBX
Port — port for SSH connection by default 22
Enter the session name and save its settings
In the future, use the "Load" action to use the previously saved session
Perform the "Open" action to connect to the PBX and enter the SSH password
Before connecting, you need to allow password authorization in the MikoPBX web interface, as well as set a password for connection: to do this, go to "General Settings" -> "SSH"
After entering the SSH password, the PBX menu will open
To open the console, go to "[9] Console(Shell)"
Monitoring Providers on MikoPBX
When working with telecom service providers, issues may occasionally arise. For example, the provider's server might become unresponsive or unavailable. This article provides a mechanism for notifying the system administrator via email.
To enable notifications, you will need to configure the SMTP client. See instructions in the section "Mail and Notifications".
Create a new "Dialplan Application".
Creating a new dialplan application
Enter a name (e.g., Blacklist), a short number for the application (e.g., 99), and select "Code Type" - "PHP AGI Script".
Go to the "Program Code" tab:
Insert the following code:
Save the changes and copy the dialplan application identifier from the browser's address bar. It will look like "DIALPLAN-APP-CF967EE0".
Go to System → Customizing System Files and open the file /var/spool/cron/crontabs/root for editing.
Select the mode "Append to the end of the file", and in the black editing field at the bottom, insert the following code:
Adjust the file name according to your dialplan application identifier "DIALPLAN-APP-CF967EE0
Save the changes.
You're done!
Google Cloud deployment guide
MikoPBX Installation deployment Guide using Google Cloud
Authorize on the platform
Let's start configuring
For quick and convenient navigation on the Google Cloud platform, use the search pane
docker-compose.yml
services:
mikopbx:
container_name: "mikopbx"
image: "ghcr.io/mikopbx/mikopbx-x86-64"
network_mode: "host"
cap_add:
- NET_ADMIN
entrypoint: "/sbin/docker-entrypoint"
hostname: "mikopbx-in-a-docker"
volumes:
- /var/spool/mikopbx/cf:/cf
- /var/spool/mikopbx/storage:/storage
tty: true
environment:
- ID_WWW_USER=${ID_WWW_USER}
- ID_WWW_GROUP=${ID_WWW_GROUP}
# Change the station name through environment variables
- PBX_NAME=MikoPBX-in-Docker
# Change the default SSH port to 23
- SSH_PORT=23
# Change the default WEB port to 8080
- WEB_PORT=8080
# Change the default WEB HTTPS port to 8443
- WEB_HTTPS_PORT=8443
Contact Phone (optional) – Provide a contact number.
Unique Company Identifier (e.g., Tax ID, VAT) (optional).
Marketplace section if registration is not completed
The "Registration in the marketplace" button
License key
Registration form for the marketplace
Successful registration in the marketplace
"License Management" element
SaaS Licensing Server Page
Entered license key
SaaS System
"Session monitor" Section
Host information
Resetting the license on the host
The total time allowed for entering the extension number is calculated as the sum of the audio file duration and the input extension timeout.
If the total time for entering the extension number expires, a repeat voice announcement occurs, and there is another waiting period within the timeout for the next IVR attempt.
If the user enters an incorrect number or does not enter any number at all, a repeat voice announcement occurs, and there is another waiting period within the timeout for the next IVR attempt.
The maximum number of attempts is set by the "Number of Retries" parameter before transferring to the default number.
Once the number of attempts exceeds the specified value, the call is redirected to the default number.
"Sound files" section
"Upload a new sound file" button
"IVR Menu" section
"Add new IVR menu" button
Parameters of the new IVR menu
"Actions when you extend" section
Number of repetitions before transferring to the default number
Timeout to enter an extension number after IVR menu playback
Default extension
"Allow dialing of any extension" switch
"IVR menu extension"
Deleting a key/value from the database.
database deltree
Deleting the key/value tree from the database.
database get
Get the value from the database.
database put
Adding/changing a value in the database.
exec
Execution of the specified Command. (Commands are functions that you use when describing the set plan in the extensions.conf file).
get data
Get data from the channel.
get option
Behaves similarly to the "STREAM FILE" command, but is used with a specified value for timeout. (Asterisk 1.2)
get variable
Get the value of the channel variable.
hangup
Break the connection (Hangup) on the current channel.
noop
An empty command. Does nothing.
receive char
Accepts one character from the channel if it supports this feature.
receive text
Accepts a text string from a channel if it supports this feature.
record file
Writes to the specified file.
say alpha
Pronounces the specified string of characters. (Asterisk 1.2)
say date
Pronounces the date. (Asterisk 1.2)
say datetime
Pronounces the date and time according to the specified format. (Asterisk 1.2)
say digits
Pronounces the specified string of digits.
say number
Pronounces the specified number.
say phonetic
Pronounces the specified string of characters.
say time
Pronounces the time.
send image
Sends the image to the channel if it supports this feature.
send text
Sends text to the channel if it supports this feature.
set autohangup
Automatic termination of the connection (Autohangup) on the channel at the specified time.
set callerid
Setting the caller id for the current channel.
set context
Setting the context for the current channel.
set extension
Change the extension for the current channel.
set music
Включение/Выключение музыки ожидания (Music on hold), например: «SET MUSIC ON default».
set priority
Enabling/Turning off the standby music (Music on hold), for example: "SET MUSIC ON default".
set variable
Setting the channel variable.
stream file
Sending an audio file to the channel.
tdd mode
Setting the TDD mode for a channel that can support it to enable interaction with TDD.
verbose
Writing a message to the verbose log of the asterisk server.
wait for digit
Waiting for the DTMF button to be pressed
000063
The application reads the internal number of the employee used to call the application and voices it to the employee, i.e. the employee is voiced his internal number on the PBX
000064
0000MILLI - Generates a constant sound signal with a frequency of 1000 Hz. Used to check the quality of the connection.
10003246
The Echo application sends the received audio signals back to the user so that the delay duration can be determined. In general, you hear what you say. The application is mainly used for testing.
answer
Transfer the call to the answered state.
channel status
Returns the status of the connected channel.
control stream file
Sending a preset audio file to the channel, with the ability to control its playback (pause/rewind/resume playback) using the DTMF digits received from the subscriber, if specified. (Asterisk 1.2)
"Add a new" button
Parameters of the new dialplan application
"Programme code" section
database del
SIP_PORT - port for connecting a SIP client (5060)
TLS_PORT - port for connecting a SIP client with encryption (5061)
RTP_PORT_FROM - beginning of the RTP port range, voice transmission (10000)
RTP_PORT_TO - end of the RTP port range, voice transmission (10800)
IAX_PORT - port for connecting IAX clients (4569)
AMI_PORT - AMI port (5038)
AJAM_PORT - AJAM port used for connecting the telephony panel for 1C (8088)
AJAM_PORT_TLS - AJAM port used for connecting the telephony panel for 1C (8089)
BEANSTALK_PORT - port for the Beanstalkd queue server (4229)
REDIS_PORT - port for the Redis server (6379)
GNATS_PORT - port for the gnatsd server (4223)
ID_WWW_USER - identifier for www-user (can be set with the expression
$(id -u www-user), where www-user is NOT a root user)
ID_WWW_GROUP - group identifier for www-user (can be set with the expression
$(id -g www-user), where www-user is NOT a root group)
WEB_ADMIN_LOGIN - login for Web interface access
WEB_ADMIN_PASSWORD - password for Web interface access
#!/bin/bash
COMPOSE_FILE="$1"
if [ -z "$COMPOSE_FILE" ]; then
echo "Usage: $0 path/to/docker-compose.yaml"
exit 1
fi
# We will obtain the user ID for running the container
export ID_WWW_USER=$(id -u www-user)
export ID_WWW_GROUP=$(id -g www-user)
# Stop current containers if they are running
docker compose -f "$COMPOSE_FILE" down
# Remove them
docker compose -f "$COMPOSE_FILE" rm
# Start containers in the background
docker compose -f "$COMPOSE_FILE" up -d
sleep 60
# Create a label for IPTABLES rules
IPTABLES_COMMENT="mikopbx-custom-rule"
# Determine the project identifier, used when creating a network bridge
project_prefix=$(cat "$COMPOSE_FILE" | yq e '.x-project-name' -)
# If the prefix is not set, use a default value
if [ -z "$project_prefix" ]; then
project_prefix="default_prefix"
fi
# Function to get container IP address
function get_container_ip() {
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}
# Function to get the name of the bridge interface
function get_bridge_name() {
local network_name="$1"
local prefix="$2"
local network_id=$(docker network inspect "${prefix}_${network_name}" -f '{{.Id}}')
if [ -z "$network_id" ]; then
echo "Error: Network ${prefix}_${network_name} not found."
return 1
fi
local bridge_name=$(ip link show type bridge | grep -o "br-${network_id:0:12}\b")
echo $bridge_name
}
echo "Delete tagged iptables rules"
# Delete all iptables rules tagged with our comment
iptables -S | grep "$IPTABLES_COMMENT" | sed 's/-A /-D /' | while read rule; do
echo "Delete rule $rule"
iptables $rule
done
# Delete all NAT iptables rules tagged with our comment
iptables -S -t nat | grep "$IPTABLES_COMMENT" | sed 's/-A /-D /' | while read rule; do
echo "Delete rule $rule"
iptables -t nat $rule
done
# Parse the docker-compose file and obtain all necessary parameters.
echo "Parsing docker-compose file and configuring iptables rules"
cat "$COMPOSE_FILE" | yq e '.services[] | select(.environment[] | test("RTP_PORT_FROM")) | {"container_name": .container_name, "environment": .environment, "network": .networks[0]}' -o=json | jq -c '.' | while read -r service; do
container_name=$(echo $service | jq -r '.container_name')
network_name=$(echo $service | jq -r '.network')
bridge_name=$(get_bridge_name "$network_name" "$project_prefix")
container_ip=$(get_container_ip "$container_name")
RTP_PORT_FROM=$(echo $service | jq -r '.environment[] | select(contains("RTP_PORT_FROM")) | split("=")[1]')
RTP_PORT_TO=$(echo $service | jq -r '.environment[] | select(contains("RTP_PORT_TO")) | split("=")[1]')
echo "Configuring iptables for $container_name ($container_ip) on $bridge_name from port $RTP_PORT_FROM to $RTP_PORT_TO"
iptables -A DOCKER -t nat ! -i "$bridge_name" -p udp -m udp --dport $RTP_PORT_FROM:$RTP_PORT_TO -j DNAT --to-destination $container_ip:$RTP_PORT_FROM-$RTP_PORT_TO -m comment --comment "$IPTABLES_COMMENT"
iptables -A DOCKER -d $container_ip/32 ! -i "$bridge_name" -o "$bridge_name" -p udp -m udp --dport $RTP_PORT_FROM:$RTP_PORT_TO -j ACCEPT -m comment --comment "$IPTABLES_COMMENT"
iptables -A POSTROUTING -t nat -s $container_ip/32 -d $container_ip/32 -p udp -m udp --dport $RTP_PORT_FROM:$RTP_PORT_TO -j MASQUERADE -m comment --comment "$IPTABLES_COMMENT"
echo "Don't forget to open UDP ports $RTP_PORT_FROM to $RTP_PORT_TO on external firewall if it exists"
done
echo "iptables configuration completed successfully."
docker-compose.yaml
services:
mikopbx-first:
container_name: "mikopbx-first"
image: "ghcr.io/mikopbx/mikopbx-x86-64"
entrypoint: "/sbin/docker-entrypoint"
hostname: "mikopbx-in-docker-first"
volumes:
- /var/spool/mikopbx/first/cf:/cf
- /var/spool/mikopbx/first/storage:/storage
tty: true
cap_add:
- net_admin
networks:
- network-bridge1
environment:
- ID_WWW_USER=${ID_WWW_USER}
- ID_WWW_GROUP=${ID_WWW_GROUP}
- PBX_NAME=MikoPBXFirst
- RTP_PORT_FROM=10000 # UDP range 10000-10800 on host will be directed to the container
- RTP_PORT_TO=10800
- WEB_ADMIN_PASSWORD=mikopbx-first-password
- ENABLE_USE_NAT=1
- PBX_FIREWALL_ENABLED=1
- PBX_FAIL2BAN_ENABLED=1
ports:
- "8443:443" # TCP port 8443 on the host is directed to port 443 in the container
- "5060:5060/udp" # UDP port 5060 on the host is directed to port 5060 in the container
mikopbx-second:
container_name: "mikopbx-second"
image: "ghcr.io/mikopbx/mikopbx-x86-64"
tty: true
cap_add:
- net_admin
networks:
- network-bridge2
entrypoint: "/sbin/docker-entrypoint"
hostname: "mikopbx-in-docker-second"
volumes:
- /var/spool/mikopbx/second/cf:/cf
- /var/spool/mikopbx/second/storage:/storage
environment:
- ID_WWW_USER=${ID_WWW_USER}
- ID_WWW_GROUP=${ID_WWW_GROUP}
- PBX_NAME=MikoPBXSecond
- RTP_PORT_FROM=20000 # UDP range 20000-20800 on host will be directed to the container
- RTP_PORT_TO=20800
- EXTERNAL_SIP_PORT=6060 # Inform MikoPBX about its external SIP port
- WEB_ADMIN_PASSWORD=mikopbx-second-password
- ENABLE_USE_NAT=1
- PBX_FIREWALL_ENABLED=1
- PBX_FAIL2BAN_ENABLED=1
ports:
- "9443:443" # TCP port 9443 on the host is directed to port 443 in the container
- "6060:5060/udp" # UDP port 6060 on the host is directed to port 5060 in the container
x-project-name: mikopbx # This parameter must be present
networks:
network-bridge1:
driver: bridge
network-bridge2:
driver: bridge
Short description of ARI (Asterisk REST Interface)
ARI is a RESTful API with WebSocket support that gives full control over Asterisk channels, bridges, and media streams in real time. Unlike the MikoPBX REST API, ARI works directly with the Asterisk core and is designed for building custom telephony applications.
Detailed ARI documentation is available on the official Asterisk website: Asterisk REST Interface
What is it used for?
ARI is used when the standard PBX features are not enough and custom call handling logic is required:
WebRTC applications and softphones — web phones and mobile clients with direct media stream control
Interactive voice response (IVR) — custom menu logic unavailable through the standard dialplan
Conference calls — programmatic control of bridges and participants
How does it work?
ARI consists of three components:
REST API — management of Asterisk objects: channels, bridges, recordings
Stasis — a dialplan application that passes a channel to your ARI application for control
Typical scenario: a call enters the dialplan → Stasis() passes the channel to your application → the application controls the call via REST API and receives events via WebSocket.
Configuring an ARI User
Before starting, you need to enable the ARI interface (it is disabled by default). Go to "System" → "General Settings".
Go to the "AMI & ARI" tab and toggle the "Use ARI Interface" switch. In the "CORS allowed origins" field, specify the domains from which requests to ARI will be made. CORS is a browser security mechanism that restricts cross-domain API requests.
Value
When to use
Never use * in production. Only specify trusted domains over HTTPS.
Go to "System" → "ARI Access".
Click "Add User".
Fill in the following parameters:
Username — login for connection, e.g. ari_user.
Password — password for connection.
Description — description for the current user, e.g. "WebRTC Demo".
Common applications
ari-app: Main ARI application
stasis: Base Stasis application
Save the settings.
Connection Parameters
WebSocket
Type
URL
Replace [application] with the name of your Stasis application.
REST API
Type
URL
Authentication: HTTP Basic Auth — ARI user login and password.
It is recommended to use secure connections (wss:// and https://) with a valid SSL certificate. Regular ws:// and http:// are acceptable only in an isolated test environment.
Example: Hello World
This is a minimal ARI example — a channel enters a Stasis application, the application plays a sound file and ends the call.
The example is taken from the official Asterisk documentation:
Step 1 — Connect to WebSocket
Step 2 — Configure the Incoming Route
In MikoPBX, go to "Routing" → "Dialplan Applications", create an application with the type "Asterisk Dialplan" and the following code:
Assign the application to the required incoming route.
Step 3 — Make a Call
When an incoming call arrives, the WebSocket will receive a StasisStart event:
Step 4 — Play Sound via REST API
Open a new terminal window and run the following command:
Use the channel id from the StasisStart event!
On successful playback, you will see the following output in the terminal:
Step 5 — End the Call
After the call ends, the WebSocket will send a StasisEnd event:
Example: Presence Monitor
A live employee status table in the terminal — no incoming route or Stasis application configuration required. Works by subscribing to all station events.
Install dependencies:
As calls are made, the table will update in real time:
Full ARI documentation is available on the Asterisk website:
Gmail Setup (oAuth2)
Gmail service mail configuration via OAuth2 Authentication
Setting up OAuth 2.0 in Google requires using the station's URL address.
The easiest way is to create a DNS record on the local server or add an IP address-to-domain name mapping in the hosts file on the device from which the configuration is being performed.
Call recording and processing — real-time audio interception for analytics or transcription
Voice bots and assistants — integration with external AI services
Advanced queues — custom call distribution logic
Applications — specify the names of Stasis applications the user has access to. Leave the field empty for access to all applications.
external-media: Working with external media streams
Solution: enter the station's URL address in the MikoPBX web interface: "Network and Firewall" -> "Network Interfaces". Go to the "Network Topology" section and enter the hostname in the "External hostname of your router" field. (Enable "This station is located behind a NAT router".)
Problem solution
Vultr
Installing MikoPBX using the Vultr cloud platform
This guide applies to MikoPBX version 2024.2.138 and later!
This guide provides a step-by-step process for installing MikoPBX on the Vultr cloud platform.
Before starting, you must download the latest .iso MikoPBX image file from MikoPBX’s GitHub releases.
Uploading the Image to Vultr
Uploading the File to Storage
First, you need to upload the image to the cloud platform.
Navigate to "Cloud Storage" → "Object Storage":
Create a new storage resource by clicking "Add Object Storage":
Select the type of storage (it’s recommended to use the basic option, as you only need it to store the disk image). Also provide a name.
Click on your newly created storage resource:
Go to the "Buckets" tab and create a new bucket with a custom name.
The storage information will display S3 connection details.
Next, connect to your storage via WinSCP. Open WinSCP and select "New Site":
Enter the following parameters:
File protocol – Amazon S3
Encryption – TLS/SSL Implicit encryption
Port number – 443
Click "Login".
Upload the .iso disk image file to the storage.
Return to the Vultr interface and go to your bucket’s directory.
Click the three dots to the right of the file name, then "Change Access". Grant access by toggling the switch.
Importing the ISO
Click the three dots to the right of the file name and select "Copy URL".
Navigate to "Orchestration" → "ISOs":
Click "Add ISO":
Paste the link to your previously uploaded file and click "Upload".
Adding an SSH Key Pair
Go to "Account" → "SSH Keys". Click "Add SSH Key":
Generate an SSH key pair .
In the interface for adding the key pair, provide a custom name and paste your public SSH key.
Click "Add SSH Key".
Creating a Virtual Machine
Go to "Products" → "Compute":
Click "Deploy Server":
In the next section, select the region and configuration for your virtual machine.
Continue configuring the server:
Under ISO/iPXE, select the previously uploaded ISO.
Select the SSH key pair you created.
Click "Deploy".
Creating a Second Disk
After the server is created, power it off.
Go to "Cloud Storage" → "Block Storage":
Click "Add Block Storage":
Select the disk type, region (same as the VM), size, and a custom name.
We recommend at least 50GB for storing call recordings. This guide uses 30GB as an example.
Go to the management page for the newly created block storage. Attach the volume to your virtual machine using the "Attach to:" option.
Installing the System
Go to your virtual machine management page.
Open the console by clicking the relevant button:
You will enter the built-in console.
Navigate to "[8] Install".
Select the disk to be used as the system disk. Confirm by typing "y" and pressing "Enter":
Select the disk for storing call recordings. The system will reboot.
Go to "Settings" for your virtual machine and then "Custom ISO". Click "Remove ISO".
At this point, MikoPBX is installed and ready to use.
Connecting to the Web Interface
In your browser, enter the IP adress of your virtual machine. You can find it in the MikoPBX console.
Log in using the following credentials:
Username: admin
Password: The VM ID, which looks like "150dd137-a0e2-45f6-baf9-ddc15a600d60" and can be found in the address bar (screenshot below).
Host Name, Access key ID, and Secret access key – from the storage information
In the left menu, select "Buckets" and click "Create Bucket".
On the bucket creation page, specify:
Bucket Name — enter any unique name for the bucket (e.g., mikopbx-s3-storage).
Region — select the region closest to your MikoPBX server.
Remember your region name (e.g., ap-southeast-1), as you will need it when configuring MikoPBX.
Click "Create Bucket".
After creating the bucket, you need to create an access policy. Go to "Policies" in the left menu and click "Create Policy".
Enter a name for the policy (Policy Name) and a description for future identification (Description). In the "Policy Editor" field, paste the following set of rules:
Replace "YOUR-BUCKET-NAME" with the name of the bucket you created earlier (e.g., mikopbx-s3-storage in this guide).
Go to "Users" in the left menu (under "Users & Groups") and click "Create User".
On the first step "Details", fill in the following parameters:
UserName — enter any username (e.g., mikopbx-user).
Type of Access — check only "Programmatic (create API keys)".
Require MFA — leave disabled.
Click "Next".
On the Groups step — skip it and click "Next".
On the Policies step — select the policy you created earlier (e.g., mikopbx-access in this guide) and click "Next".
On the Review step, verify the parameters and click "Create User".
After the user is created, the Access Key and Secret Key will be displayed. Save these values — you will need them to configure MikoPBX.The Secret Key is shown only once.
Connecting to MikoPBX
Go to the "Maintenance" tab → "Storage".
Switch to the "S3 Cloud Storage" tab and fill in the following fields:
Automatically upload recordings to cloud storage — enable the toggle.
S3 endpoint URL — enter the endpoint for your region from the table below.
For example, for region eu-central-1: https://s3.eu-central-1.wasabisys.com
S3 region — specify the region of your Wasabi bucket (e.g., eu-central-1
Click "Save".
Region
Endpoing URL
After saving the settings, click "Test Connection". If the connection is successful, the message "S3 connection successful" will appear and synchronization of call recordings will begin.
VMware Workstation Pro
Installing MikoPBX using VMware Workstation Pro.
This guide covers creating and configuring a virtual machine in VMware Workstation Pro and installing MikoPBX on it.
You can download the VMware Workstation Pro installer from the official website.
Use versions of MikoPBX other than 2024.1.114 for installation on VMware Workstation Pro. Version 2024.1.114 currently does not support installation via VMware Workstation Pro!
Creating a Virtual Machine
Open VMware Workstation Pro and click "Create a New Virtual Machine" to start creating a new virtual machine.
In the setup interface, select the virtual machine type: "Typical (recommended)". Then, click "Next >".
Choose the installation source, "Installer disc image file (iso):". Select the .iso file you want to use. You can download the distribution from . Click "Next >" to continue.
Select "Linux" for the "Guest operating system" and "Debian 11.x 64-bit" as the version. Click "Next >".
Enter a desired name for the virtual machine in "Virtual machine name:" and, if necessary, specify a location on your computer under "Location". Click "Next >".
Set the size for the primary (system) hard drive, with a recommended size of 1GB. Choose "Split virtual disk into multiple files" and click "Next >".
A summary of the virtual machine configuration will appear. Click "Finish" to create the virtual machine.
Adding and Connecting a Second Disk
Now, let's create and attach a second hard drive, which will be used to store call recordings.
Open the settings of the previously created virtual machine.
Click "Add..." to add a new system component.
In Hardware types, select "Hard Disk" and click "Next >".
Choose "Virtual disk type" - "SCSI". Click "Next >".
Choose "Create a new virtual disk" and click "Next >".
Specify the disk size, with a recommended minimum of 50GB. Also, choose "Split virtual disk into multiple files". Click "Next >".
Give the hard drive a custom name and click "Finish".
Configuring the Network Interface for the Virtual Machine
In the settings, go to "Network Adapter" and select "Network connection" - "Bridged: Connected directly to the physical network". Click "OK".
First System Boot
Start the virtual machine.
The MikoPBX command-line interface will open as the PBX starts loading from the optical disk where the ISO image was mounted. This is indicated by the line: "The system is loaded in Recovery mode":
Use the to navigate through the menu options.
Press Enter to select an option, or press the corresponding number on the .
To install MikoPBX, select "[8] Install".
A list of available disks will be displayed (in this example, sdb, sdc). The system suggests a default disk, sdb in our case, for the installation. If you agree with the suggested disk for the system, press Enter. Otherwise, enter the name of another disk.
All data on the selected installation disk will be erased.
The system will issue a warning. To confirm the operation, enter "y" and press Enter.
After installation, you'll be prompted to select a disk for storing call recordings. Enter the disk name (in this example, sdc) and press Enter.
After installation, the system will restart. MikoPBX will now boot from sdb, the installation disk, without the line "The system is loaded in Recovery mode"—indicating a successful installation.
First Login to MikoPBX
To access the MikoPBX web interface, enter your virtual machine's IP address in your browser's address bar. You can find the IP address in the console.
Enter the IP address in your browser’s address bar. Log in using the default credentials.
Use the following default credentials for the first login to the MikoPBX web interface:
Username: admin
Password: admin
).
S3 bucket Name — specify the name of the bucket created in Wasabi (e.g., mikopbx-s3-storage).
Access Key and Secret Key — paste the values obtained when creating the Access Key.
Configure the "Local storage (S3 mode)" slider — select how long recordings will be stored locally before being deleted after upload to the cloud.
Selecting the system installation source for the virtual machine being created
Selecting an operating system and version for the virtual machine being created
Specifying the name and path for the virtual machine being created
Specifying parameters for the system hard disk for the virtual machine being created
The final configuration of the machine being created.
Virtual Machine Settings Section
Button for adding a new system element
Selecting the type of a new system element
Selecting a disk type
Selecting the "Create a new virtual disk" option
Specifying parameters for the disk being created
Name for the second hard drive
Setting up a network interface
Button to start the virtual machine
Loaded MikoPBX from optical disk
Selecting a disk for the system
Selecting a disk for storing call recordings
MikoPBX successfully installed
MikoPBX IP address
MikoPBX WEB interface authorization page
Extensions
Setting Primary Phone Numbers
Extensions in MikoPBX are individual users of the system who are assigned internal numbers for making and receiving calls. They have personal accounts that allow you to configure access rights, call forwarding and other personal settings in the system.
Extensions List
The "Extensions" section displays a list of internal user accounts for employees. On the left side of each employee, the status of the authorized device is displayed. If the device is successfully authorized under the respective internal user account, a green circle is shown; otherwise, it appears gray.
Extensions status
In the search bar, you can find the desired contact. You can search by the employee's name, internal number, mobile number, or email address.
The form also provides the ability to sort the list of employees by name, internal number, mobile number, or email address. There are buttons for copying the account password to the clipboard, editing the account, and deleting the account.
Adding an extension
There are two ways to add employees:
1) Adding employees one by one by entering data in the Web interface.
2) Importing multiple employees from a CSV file.
Adding Employees One by One
To add a new employee, click the "Add new employee" button.
Importing and Exporting Employees from a CSV File
There is an option to export and import employees for configuration convenience. To do this, click the arrow to the right of the "Add New Employee" button.
3 options are available:
Import from CSV — load employees from a CSV file into MikoPBX.
Export to CSV — download employees to a CSV file from MikoPBX (employees will not be deleted from the station).
Download template — download a CSV table template to fill in and subsequently import into MikoPBX.
Import
Click "Select CSV file" and choose the previously prepared file with data in the table. It is recommended to use templates from the "Template" tab.
After selecting the file, information about all detected users in the table will be displayed. Select a duplicate handling strategy and click "Confirm import" to start the process.
After the process is complete, you will see the employee creation status as well as a notification about the end of the import.
Click "Back to list" to return to the employee list.
Export
There is an option to export a CSV file with all the data of current employees. Several export formats are available:
sip_transport — Transport (udp/tcp/tls), default udp,tcp
Full:
All parameters from Minimal and Standard.
user_avatar — Photo URL
sip_manualattributes — Additional SIP parameters
You can also specify a range of internal employee numbers to export (the "Filter by number range" section).
Click "Export employees". The file will be downloaded to your device.
Template
On this tab, you can download a blank file template with the specified "columns" to fill in and subsequently import into MikoPBX.
Select the template format (see the "" section for more details), then click "Download CSV template".
Main Account Settings
On the "Basic Parameters" tab, you can configure the general settings for an employee's internal account:
Username: This value will be used for name substitution and displayed in the corresponding field on the phone screen.
Internal Number: This is the employee's internal extension number, which is also used as the login when connecting the phone.
Mobile Number: It is used for additional routing purposes.
Please ensure that the passwords for SIP accounts meet the following requirements:
The password length should be greater than eight characters.
Advanced Account Settings
Accesses the Advanced drop-down list:
Redefining the set string
In the "Redefining the set string" field, enter the dialing rule for mobile numbers according to your provider's requirements.
Call recording
If you want employees to have the ability to record conversations, you can enable the Сall recording feature.
DTMF Mode
The setting determines how DTMF (Dual Tone Multi-Frequency) signals are transmitted over the SIP protocol. DTMF signals are used, for example, when dialing phone numbers or interacting with IVR systems.
Transport protocol
This setting allows you to specify the transport protocol used for this account. The transport protocol determines how data is transmitted over the network. The most common transport protocols used in SIP (Session Initiation Protocol) are UDP (User Datagram Protocol), TCP (Transmission Control Protocol), and TLS (Transport Layer Security)
Network filter
The subnet described in the "Network Firewall" section specifies the allowed subnet for this account. It determines which IP addresses or networks are permitted to connect to this account. Connections originating from other subnets will result in authentication errors.
Manual additional attributes for SIP
This field is used to modify/override the configuration files of Asterisk. You can override almost all parameters. For example, when using chan_pjsip, a SIP account for an employee is described by the following sections:
To override fields in the sections, you should fill in the "Additional Parameters" field as follows:
Routing Settings
On this tab, you can set rules for call forwarding when the employee is unavailable, busy, or does not answer.
Set the time period in seconds during which the call will be directed to the employee's internal account. If the employee cannot answer the call within the specified time, indicate to which number the call should be forwarded. By default, the call will be redirected to the employee's mobile number.
You can also specify the numbers to which the call should be redirected in case of busy and unavailable status.
Feel free to configure these parameters according to your preferences and requirements.
Connecting softphones
Connecting telephones
Yealink T19
Yealink T21
Yealink T28
sip_secret — SIP password (will be generated if not specified)
fwd_ringlength — Ring time (seconds) before forwarding
fwd_forwarding — Forwarding number if no answer
sip_enableRecording — Call recording (true/false)
fwd_forwardingonbusy — Forwarding number if busy
fwd_forwardingonunavailable — Forwarding number if unavailable
Email Address: It is used for email notifications.
Password for SIP
The password should contain both uppercase and lowercase letters. The password should include numbers and special characters: "-", "_", "[]", "{}", "@", ";".
By setting complex passwords, you can enhance the security of the user accounts and protect them from unauthorized access.
To follow the instructions, install the Amazon Command Line Utility by opening Terminal and entering the following command
Let's get started with the setup
For quick and convenient navigation within the Amazon service, use the search panel
Copying access keys
Go to your account
From the dropdown menu, select Security credentials
If you don't have an access key, do the following
Under the Access keys table, select Create access key
Copy the Access key and Secret access key
If you already have an access key, simply copy the Access key and Secret access key
Creating a bucket
Open Services / Storage / S3
On the tab select Create bucket
Enter a unique bucket name
Use default values for other fields
After entering the values, click Create bucket
Open the created bucket and select Upload
On the opened tab select Add files
Upload the file from the MikoPBX distribution with the .raw extension
Adding permissions and attaching policies
If not done previously for this cloud
Create a separate folder for files on your computer
Create a file named trust-policy.json in the folder
Open Terminal and navigate to the created folder
Similarly, create a file named role-policy.json and change the bucket name value in the text to the name of your created bucket
Similarly, create a file named import-image.sh, change the DEFAULT_BUCKET parameter value to the name of your created bucket and the DEFAULT_IMAGE parameter value to the name of the image uploaded to the bucket
Run the command aws configure, specify the region and copied Access key and Secret access key
Run the command
Run the command
Run the command
If the command executes successfully, a unique AMI identifier will be generated
Creating a virtual machine
Open Services / Compute / EC2 and navigate to Images / AMIs
Select the created image and click Launch an instance from AMI to create a virtual machine
Enter the virtual machine name, for example mikopbx-vm
Specify the instance type - t3.micro
If you have an SSH key
Specify the SSH key in the Key pair field
If you don't have an SSH key
Select Create new key pair and specify the key pair name, for example mikopbx_key
Follow the instructions further
In the Network settings section, check Allow SSH traffic and Allow HTTPS traffic
To deploy the PBX use two disks:
A 1 Gb disk for the main system
A 50+ Gb disk for storing call recordings
If necessary, change the size of the storage disk in Configure storage, default size is 50Gb
For other fields use default values
Click Launch instance
Starting MikoPBX
Go to the created virtual machine mikopbx-vm
On the opened tab, select Connect / EC2 serial console, wait for the system to fully load until the authentication parameters are displayed
Copy the external address of the created virtual machine and enter it in the browser's address bar
Use the login and password provided in EC2 serial console for login
Make sure to configure the Firewall on the MikoPBX
#!/bin/bash
# Default variable definition
DEFAULT_IMAGE="mikopbx-2024.1.40-dev-x86_64.raw"
DEFAULT_BUCKET="mikopbx-bucket"
DEFAULT_DESCRIPTION="MikoPBX the best open source PBX on asterisk"
DEFAULT_NAME="MikoPBX 2024.1.40-dev"
# Overriding variables with environment variable values, if set
IMAGE="${IMAGE:-$DEFAULT_IMAGE}"
BUCKET="${BUCKET:-$DEFAULT_BUCKET}"
DESCRIPTION="${DESCRIPTION:-$DEFAULT_DESCRIPTION}"
NAME="${NAME:-$DEFAULT_NAME}"
# JSON file for import-snapshot command
JSON_FILE="disk_container.json"
# Creating JSON file
cat <<EOF> ${JSON_FILE}
{
"Description": "${DESCRIPTION} image",
"Format": "raw",
"UserBucket": {
"S3Bucket": "${BUCKET}",
"S3Key": "${IMAGE}"
}
}
EOF
# Importing the snapshot
IMPORT_TASK_ID=$(aws ec2 import-snapshot --description "${DESCRIPTION} image" --disk-container "file://${JSON_FILE}" --query 'ImportTaskId' --output text)
echo "Import task started with ID: $IMPORT_TASK_ID"
# Waiting for snapshot import to complete
while true; do
STATUS=$(aws ec2 describe-import-snapshot-tasks --import-task-ids $IMPORT_TASK_ID --query 'ImportSnapshotTasks[0].SnapshotTaskDetail.Status' --output text)
echo "Current status: $STATUS"
if [ "$STATUS" == "completed" ]; then
break
fi
sleep 30
done
# Getting SnapshotId
SNAPSHOT_ID=$(aws ec2 describe-import-snapshot-tasks --import-task-ids $IMPORT_TASK_ID --query 'ImportSnapshotTasks[0].SnapshotTaskDetail.SnapshotId' --output text)
# Registering AMI
AMI_ID=$(aws ec2 register-image \
--name "$NAME" \
--description "$DESCRIPTION" \
--architecture x86_64 \
--sriov-net-support simple \
--virtualization-type hvm \
--ena-support \
--boot-mode legacy-bios \
--root-device-name "/dev/sda1" \
--block-device-mappings "[{\"DeviceName\": \"/dev/sda1\", \"Ebs\":{\"DeleteOnTermination\":true, \"VolumeSize\":1, \"SnapshotId\":\"$SNAPSHOT_ID\"}}, {\"DeviceName\": \"/dev/sdb\", \"Ebs\":{\"VolumeSize\":50}}]" \
--query 'ImageId' \
--output text)
echo "AMI created with ID: $AMI_ID"
aws configure
aws iam create-role --role-name vmimport --assume-role-policy-document "file://trust-policy.json"
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file://role-policy.json"
sh import-image.sh
REST API Usage Examples
Instructions with examples on creating and using API keys
Working with the REST API follows the OpenAPI standard. To get the current list of endpoints, use the "Documentation" section inside the PBX. Below are examples of working with the main features of the MikoPBX REST interface.
If you do not have a trusted certificate — add verify=False to each request and disable warnings:
It is strongly recommended to issue a trusted certificate. The easiest way to do this is by using the Let's Encrypt module.
Connection
To run all examples in this guide, create an API key and configure the following access permissions (see the general article for details):
Resource
Access Level
Used for
In this article we will be working with Python, so you need to install the required dependencies:
Below is a connection template for accessing the station via an API key. Use it before all scripts in this guide. The API key is passed directly in the request header — no additional authentication is required:
In the template, replace the following parameters:
your-mikopbx.com — with the IP address or URL of your station.
your-api-key
Working with Employees
Endpoint:POST /pbxcore/api/v3/employees
The table below lists the parameters for this request.
Field
Req.
Type / constraints
Description
Creating a Single Employee
Example API response (HTTP 201):
Possible response codes:
Code
Description
On successful execution, you will see the following console output:
Employees 283 and 284 will be created on the station.
Listing Employees
On successful execution, you will see the following console output:
Group Employee Creation
On successful execution, you will see the following console output:
3 employees will be created on the station.
Working with SIP Providers
Endpoint:POST /pbxcore/api/v3/sip-providers
Field
Req.
Type
Description
Creating a Provider
On successful execution, you will see the following console output:
A provider will be created on the station:
Listing All Providers
On successful execution, you will see the following console output:
Retrieving Call History (CDR)
Endpoint:GET /pbxcore/api/v3/cdr — read-only.
Parameter
Type
Description
On successful execution, you will see the following console output:
Statistics for a Period
On successful execution, you will see the following console output:
Calls with the CHANUNAVAIL status are not counted in the Answered, Missed, or Avg. duration statistics.
CDR Record Fields
Field
Type
Description
Monitoring: SIP Statuses and Active Calls
Employee and SIP Provider Registration Statuses
Endpoints:GET /pbxcore/api/v3/sip , GET /pbxcore/api/v3/sip-providers
On successful execution, you will see the following console output:
Employee statuses (status field)
Value
Description
Provider statuses (state field)
Value
Description
Active Calls in Real Time
Endpoint:GET /pbxcore/api/v3/pbx-status
On successful execution, you will see the following console output:
The full list of endpoints and interactive documentation is available in the section.
import urllib3
urllib3.disable_warnings()
Read
Employee and trunk registration statuses
Call Records
Read
Call history (CDR)
PBX Status
Read
Active calls in real time
SIP Providers
Read and write
Creating and editing SIP providers
— with the previously created API key with the required permissions.
Created: 283 (John Smith), id=113
Created: 284 (Anna Johnson), id=114
Process finished with exit code 0
def list_employees(search: str = '', limit: int = 100, offset: int = 0) -> list:
params = {'limit': limit, 'offset': offset}
if search: params['search'] = search
r = requests.get(f'{BASE_URL}/employees', headers=HEADERS, params=params)
return r.json().get('data', {}).get('data', [])
for emp in list_employees():
print(f" {emp.get('number'):>6} {emp.get('user_username', '')}")
202 Brown Brandon
203 Collins Melanie
201 Smith James
283 John Smith
284 Anna Johnson
Process finished with exit code 0
import time
employees = [
{'number': '291', 'name': 'John Smith', 'secret': 'Pass#9201'},
{'number': '292', 'name': 'Anna Johnson', 'secret': 'Pass#9202'},
{'number': '293', 'name': 'Peter Brown', 'secret': 'Pass#9203'},
]
created, failed = [], []
for emp in employees:
r = requests.post(
f'{BASE_URL}/employees',
headers=HEADERS,
json={
'number': emp['number'],
'user_username': emp['name'],
'sip_secret': emp['secret'],
}
)
result = r.json()
if result.get('result'):
created.append(emp['number'])
print(f" {emp['number']} {emp['name']}")
else:
failed.append(emp['number'])
print(f" {emp['number']}: {result.get('messages', {}).get('error', [])}")
time.sleep(0.2) # small pause between requests
print(f'Created: {len(created)}, Errors: {len(failed)}')
291 John Smith
292 Anna Johnson
293 Peter Brown
Created: 3, Errors: 0
Process finished with exit code 0
def create_sip_provider(
description: str,
host: str,
username: str = '',
password: str = '',
registration_type: str = 'outbound',
qualify: bool = True,
) -> dict:
payload = {
'description': description,
'host': host,
}
if username: payload['username'] = username
if password: payload['secret'] = password
if registration_type: payload['registration_type'] = registration_type
if not qualify: payload['qualify'] = qualify
r = requests.post(f'{BASE_URL}/sip-providers', headers=HEADERS, json=payload)
result = r.json()
if result.get('result'):
print(f" Provider created: {description}")
else:
print(f" Error: {result.get('messages', {}).get('error', [])}")
return result
create_sip_provider(
description='Zadarma',
host='sip.zadarma.com',
username='316811',
password='mysecretpass',
)
Provider created: Zadarma
Process finished with exit code 0
def list_providers() -> list:
r = requests.get(f'{BASE_URL}/sip-providers', headers=HEADERS)
return r.json().get('data', [])
for prov in list_providers():
print(f" {prov.get('id'):<20} {prov.get('description', '')} [{prov.get('type', '')}]")
SIP-TRUNK-34F7CAFE [SIP]
SIP-TRUNK-7B5977ED [SIP]
Process finished with exit code 0
from datetime import datetime, timedelta
def get_cdr(
offset: int = 0,
limit: int = 20,
date_from: str = None,
date_to: str = None,
src_num: str = None,
dst_num: str = None,
disposition: str = None,
) -> list:
params = {'offset': offset, 'limit': min(limit, 100)}
if date_from: params['dateFrom'] = date_from
if date_to: params['dateTo'] = date_to
if src_num: params['src_num'] = src_num
if dst_num: params['dst_num'] = dst_num
if disposition: params['disposition'] = disposition
r = requests.get(f'{BASE_URL}/cdr', headers=HEADERS, params=params)
return r.json().get('data', {}).get('records', [])
now = datetime.now()
then = now - timedelta(days=7)
for row in get_cdr(
date_from=then.strftime('%Y-%m-%dT%H:%M:%S'),
date_to=now.strftime('%Y-%m-%dT%H:%M:%S'),
):
print(
str(row.get('start', ''))[:16],
row.get('src_num', ''), '→', row.get('dst_num', ''),
row.get('disposition', ''), row.get('totalBillsec', 0), 's'
)
2026-03-17 13:30 252 → 202 ANSWERED 48 s
2026-03-17 13:30 243 → 252 BUSY 0 s
2026-03-17 13:30 243 → 89161111111 CHANUNAVAIL 0 s
2026-03-17 13:29 202 → 243 NOANSWER 0 s
2026-03-17 13:29 202 → 202 ANSWERED 2 s
2026-03-17 13:29 202 → 243 NOANSWER 0 s
2026-03-17 13:29 202 → 10003246 NOANSWER 0 s
2026-03-17 13:28 202 → 243 NOANSWER 0 s
Process finished with exit code 0
def cdr_stats(days: int = 1) -> dict:
now = datetime.now()
then = now - timedelta(days=days)
records = get_cdr(
date_from=then.strftime('%Y-%m-%dT%H:%M:%S'),
date_to=now.strftime('%Y-%m-%dT%H:%M:%S'),
limit=100
)
answered = [r for r in records if r.get('disposition') == 'ANSWERED']
missed = [r for r in records if r.get('disposition') in ('NO ANSWER', 'NOANSWER')]
total_dur = sum(r.get('totalBillsec', 0) for r in answered)
return {
'total': len(records),
'answered': len(answered),
'missed': len(missed),
'avg_sec': total_dur // len(answered) if answered else 0,
}
stats = cdr_stats(days=7)
print(f"Calls over 7 days: {stats['total']}")
print(f"Answered: {stats['answered']}")
print(f"Missed: {stats['missed']}")
print(f"Avg. duration: {stats['avg_sec']}s")
Calls over 7 days: 13
Answered: 2
Missed: 5
Avg. duration: 25s
Process finished with exit code 0
from datetime import datetime
def show_employees():
r = requests.get(f'{BASE_URL}/sip:getStatuses', headers=HEADERS)
peers = r.json().get('data', {})
for number, info in peers.items():
icon = '🟢' if info.get('status') == 'Available' else '🔴'
print(f" {icon} {number:>6} {info.get('callerid', '')} [{info.get('status', '')}]")
def show_providers():
r = requests.get(f'{BASE_URL}/sip-providers:getStatuses', headers=HEADERS)
providers = r.json().get('data', {}).get('sip', {})
for prov_id, info in providers.items():
icon = '🟢' if info.get('state') == 'registered' else '🔴'
print(f" {icon} {info.get('description', prov_id):>20} {info.get('username', '')}@{info.get('host', '')} [{info.get('state', '')}]")
if __name__ == '__main__':
print(f'MikoPBX Monitor [{datetime.now().strftime("%Y-%m-%d %H:%M:%S")}]')
print('\n── Employees ───────────────────────────────')
show_employees()
print('\n── Providers ───────────────────────────────')
show_providers()
MikoPBX Monitor [2026-03-17 16:47:35]
── Employees ───────────────────────────────
🔴 201 Smith James [Unavailable]
🟢 202 Brown Brandon [Available]
🔴 203 Collins Melanie [Unavailable]
🔴 243 John Smith [Unavailable]
🟢 244 Anna Johnson [Available]
🔴 251 John Smith [Unavailable]
🟢 252 Anna Johnson [Available]
🔴 253 Peter Brown [Unavailable]
── Providers ───────────────────────────────
🔴 Demo provider [email protected] [rejected]
🟢 Zadarma [email protected] [registered]
Process finished with exit code 0
Active calls: 1
243 → 252 [John Smith → Anna Johnson]
Process finished with exit code 0
Interactive Documentation and Endpoint List
Description of documentation and endpoint table for working with REST API in MikoPBX
MikoPBX REST API follows the OpenAPI standard. The interactive documentation is built directly into the PBX and always contains the current list of endpoints, parameters, and schemas for your version of the system.
How to Open the Documentation
Go to "System" → "API Keys".
Click the "API Documentation" button.
Interactive Documentation Features
The documentation is built on the OpenAPI standard and provides a complete description of all MikoPBX REST API endpoints.
Endpoint navigation — in the left panel, all endpoints are grouped by section.
For each endpoint, a brief description is shown along with the request method (GET, POST, PUT, PATCH, DELETE) and the endpoint with the PBX address substituted. All available request parameters are displayed below.
Code examples — ready-made request examples in different languages are available for each endpoint. The switcher is located below the parameters panel — Shell / cURL is shown by default, other languages are also available (click the language name to switch — in this guide, Python 3).
A server response example is shown below.
Online request execution — the documentation allows you to send real requests directly from the browser and receive responses from your PBX. The server is determined automatically from the current page address.
At the bottom of the page you will find possible response codes with brief explanations, as well as all body parameters for the selected response.
Endpoint List
Base prefix for all paths: /pbxcore/api/v3
Telephony and Routing
Employees
Method
Path
Description
Extensions
Method
Path
Description
SIP Providers
Method
Path
Description
IAX Providers
Method
Path
Description
Providers (combined SIP + IAX list)
Method
Path
Description
Call Queues
Method
Path
Description
IVR Menu
Method
Path
Description
Incoming Routing
Method
Path
Description
Outbound Routing
Method
Path
Description
Off-Work Time
Method
Path
Description
Conference Rooms
Method
Path
Description
Dialplan Applications
Method
Path
Description
Sound Files
Method
Path
Description
System File Customization
Method
Path
Description
Monitoring and Statistics
PBX Status
Method
Path
Description
SIP Devices
Method
Path
Description
SIP Providers (Monitoring)
Method
Path
Description
IAX Providers (Monitoring)
Method
Path
Description
Providers (Monitoring)
Method
Path
Description
Call Records (CDR)
Method
Path
Description
Advice and Recommendations
Method
Path
Description
Authentication and Access
Authentication
Method
Path
Description
API Keys
Method
Path
Description
AMI Users
Method
Path
Description
ARI Users
Method
Path
Description
Passkeys
Method
Path
Description
Passwords
Method
Path
Description
Users
Method
Path
Description
Network Filters
Method
Path
Description
System Settings
System Operations
Method
Path
Description
General Settings
Method
Path
Description
Network Interfaces and Routing
Method
Path
Description
Firewall
Method
Path
Description
Intrusion Prevention (Fail2Ban)
Method
Path
Description
Time Settings
Method
Path
Description
Mail Settings
Method
Path
Description
Storage
Method
Path
Description
S3 Cloud Storage
Method
Path
Description
Modules
Method
Path
Description
Licensing
Method
Path
Description
File Operations
Method
Path
Description
Diagnostics
System Information
Method
Path
Description
System Logs
Method
Path
Description
OpenAPI Documentation
Method
Path
Description
Search
Method
Path
Description
Documentation Links
Method
Path
Description
User Activity Tracking
Method
Path
Description
/employees/{id}
Get employee by ID
PUT
/employees/{id}
Update employee
PATCH
/employees/{id}
Partially update employee
DELETE
/employees/{id}
Delete employee
GET
/employees:getDefault
Get default values
POST
/employees:batchCreate
Batch create employees
POST
/employees:batchDelete
Batch delete employees
POST
/employees:import
Import employees (preview)
POST
/employees:confirmImport
Confirm import
POST
/employees:export
Export employees
POST
/employees:exportTemplate
Export template
/extensions:available
Check number availability
GET
/extensions:getForSelect
Get extensions for dropdown list
POST
/extensions/{id}:getPhoneRepresent
Get phone representation
POST
/extensions:getPhonesRepresent
Get phones representation
/sip-providers/{id}
Get SIP provider by ID
PUT
/sip-providers/{id}
Update SIP provider
PATCH
/sip-providers/{id}
Partially update SIP provider
DELETE
/sip-providers/{id}
Delete SIP provider
GET
/sip-providers/{id}:copy
Copy SIP provider
GET
/sip-providers:getDefault
Get SIP provider template
/iax-providers/{id}
Get IAX provider by ID
PUT
/iax-providers/{id}
Update IAX provider
PATCH
/iax-providers/{id}
Partially update IAX provider
DELETE
/iax-providers/{id}
Delete IAX provider
GET
/iax-providers/{id}:copy
Copy IAX provider
GET
/iax-providers:getDefault
Get IAX provider template
/providers:getForSelect
Get providers for dropdown list
/call-queues/{id}
Get queue by ID
PUT
/call-queues/{id}
Update queue
PATCH
/call-queues/{id}
Partially update queue
DELETE
/call-queues/{id}
Delete queue
GET
/call-queues/{id}:copy
Copy queue
GET
/call-queues:getDefault
Get default values
/ivr-menu/{id}
Get IVR menu by ID
PUT
/ivr-menu/{id}
Update IVR menu
PATCH
/ivr-menu/{id}
Partially update IVR menu
DELETE
/ivr-menu/{id}
Delete IVR menu
GET
/ivr-menu/{id}:copy
Copy IVR menu
GET
/ivr-menu:getDefault
Get default values
/incoming-routes/{id}
Get incoming route by ID
PUT
/incoming-routes/{id}
Update incoming route
PATCH
/incoming-routes/{id}
Partially update incoming route
DELETE
/incoming-routes/{id}
Delete incoming route
POST
/incoming-routes/{id}:copy
Copy incoming route
GET
/incoming-routes:getDefault
Get default values
GET
/incoming-routes:getDefaultRoute
Get default route
POST
/incoming-routes:changePriority
Change route priorities
/outbound-routes/{id}
Get outbound route by ID
PUT
/outbound-routes/{id}
Update outbound route
PATCH
/outbound-routes/{id}
Partially update outbound route
DELETE
/outbound-routes/{id}
Delete outbound route
GET
/outbound-routes/{id}:copy
Copy outbound route
GET
/outbound-routes:getDefault
Get default values
POST
/outbound-routes:changePriority
Change route priorities
/off-work-times/{id}
Get time condition by ID
PUT
/off-work-times/{id}
Update time condition
PATCH
/off-work-times/{id}
Partially update time condition
DELETE
/off-work-times/{id}
Delete time condition
GET
/off-work-times/{id}:copy
Copy time condition
GET
/off-work-times:getDefault
Get default values
POST
/off-work-times:changePriorities
Change condition priorities
/conference-rooms/{id}
Get conference room by ID
PUT
/conference-rooms/{id}
Update conference room
PATCH
/conference-rooms/{id}
Partially update conference room
DELETE
/conference-rooms/{id}
Delete conference room
GET
/conference-rooms:getDefault
Get conference room template
/dialplan-applications/{id}
Get dialplan application by ID
PUT
/dialplan-applications/{id}
Update dialplan application
PATCH
/dialplan-applications/{id}
Partially update dialplan application
DELETE
/dialplan-applications/{id}
Delete dialplan application
GET
/dialplan-applications/{id}:copy
Copy dialplan application
GET
/dialplan-applications:getDefault
Get dialplan application template
/sound-files/{id}
Get sound file by ID
PUT
/sound-files/{id}
Update sound file
PATCH
/sound-files/{id}
Partially update sound file
DELETE
/sound-files/{id}
Delete sound file
GET
/sound-files:getDefault
Get default values
GET
/sound-files:getForSelect
Get for dropdown list
GET
/sound-files:playback
Play back sound file
POST
/sound-files:uploadFile
Upload sound file
POST
/sound-files:convertAudioFile
Convert audio file
/custom-files/{id}
Get custom file by ID
PUT
/custom-files/{id}
Update custom file
PATCH
/custom-files/{id}
Partially update custom file
DELETE
/custom-files/{id}
Delete custom file
GET
/custom-files:getDefault
Get default values
/sip:getRegistry
Get registration status (legacy)
POST
/sip:processAuthFailures
Process authentication failures
GET
/sip/{id}:getStatus
Get SIP device status
GET
/sip/{id}:getStats
Get SIP device statistics
GET
/sip/{id}:getHistory
Get connection history
GET
/sip/{id}:getSecret
Get SIP password
GET
/sip/{id}:getAuthFailureStats
Get authentication failure statistics
POST
/sip/{id}:clearAuthFailureStats
Clear failure statistics
POST
/sip/{id}:forceCheck
Force status check
/sip-providers/{id}:getHistory
Get connection history
GET
/sip-providers/{id}:getStats
Get SIP provider statistics
POST
/sip-providers/{id}:forceCheck
Force registration check
POST
/sip-providers/{id}:updateStatus
Update provider status
/iax-providers/{id}:getHistory
Get connection history
GET
/iax-providers/{id}:getStats
Get IAX provider statistics
POST
/iax-providers/{id}:forceCheck
Force registration check
POST
/iax-providers/{id}:updateStatus
Update provider status
GET
/iax:getRegistry
Get IAX provider registration status
/providers/{id}:getHistory
Get provider history
GET
/providers/{id}:getStats
Get provider statistics
POST
/providers/{id}:updateStatus
Update provider status
/cdr/{id}
Delete CDR record
GET
/cdr:getMetadata
Get CDR metadata
GET
/cdr:playback
Play back call recording
GET
/cdr:download
Download call recording
/auth:logout
Log out of the system
/api-keys/{id}
Get API key by ID
PUT
/api-keys/{id}
Update API key
PATCH
/api-keys/{id}
Partially update API key
DELETE
/api-keys/{id}
Delete API key
GET
/api-keys:getDefault
Get default values
POST
/api-keys:generateKey
Generate a new key
/asterisk-managers/{id}
Get AMI user by ID
PUT
/asterisk-managers/{id}
Update AMI user
PATCH
/asterisk-managers/{id}
Partially update AMI user
DELETE
/asterisk-managers/{id}
Delete AMI user
GET
/asterisk-managers/{id}:copy
Copy AMI user
GET
/asterisk-managers:getDefault
Get default values
/asterisk-rest-users/{id}
Get ARI user by ID
PUT
/asterisk-rest-users/{id}
Update ARI user
PATCH
/asterisk-rest-users/{id}
Partially update ARI user
DELETE
/asterisk-rest-users/{id}
Delete ARI user
GET
/asterisk-rest-users:getDefault
Get default values
/passkeys/{id}
Get passkey by ID
PATCH
/passkeys/{id}
Update passkey
DELETE
/passkeys/{id}
Delete passkey
GET
/passkeys:checkAvailability
Check passkey availability
GET
/passkeys:authenticationStart
Start passkey authentication
POST
/passkeys:authenticationFinish
Finish passkey authentication
POST
/passkeys:registrationStart
Start passkey registration
POST
/passkeys:registrationFinish
Finish passkey registration
/passwords:checkDictionary
Check password against dictionary
POST
/passwords:batchValidate
Batch validate passwords
POST
/passwords:batchCheckDictionary
Batch dictionary check
/network-filters:getForSelect
Get filters for dropdown list
/system:datetime
Get system time
GET
/system:getAvailableLanguages
Get available languages
GET
/system:checkForUpdates
Get detailed update information
GET
/system:checkIfNewReleaseAvailable
Quick check for new version availability
GET
/system:getDeleteStatistics
Get deletion statistics
POST
/system:reboot
Reboot the system
POST
/system:shutdown
Shut down the system
POST
/system:upgrade
Upgrade the system
POST
/system:restoreDefault
Restore default settings
POST
/system:changeLanguage
Change system language
POST
/system:convertAudioFile
Convert audio file
POST
/system:executeBashCommand
Execute bash command
POST
/system:executeSqlRequest
Execute SQL query
POST
/system:updateMailSettings
Update mail settings
/general-settings
Partially update general settings
GET
/general-settings/{id}
Get specific setting
GET
/general-settings:getDefault
Get default values
POST
/general-settings:updateCodecs
Update codec settings
/network/{id}
Delete network interface
GET
/network:getConfig
Get full network configuration
GET
/network:getNatSettings
Get NAT settings
POST
/network:saveConfig
Save network configuration
/firewall/{id}
Get firewall rule by ID
PUT
/firewall/{id}
Update firewall rule
PATCH
/firewall/{id}
Partially update firewall rule
DELETE
/firewall/{id}
Delete firewall rule
GET
/firewall:getDefault
Get default values
GET
/firewall:getBannedIps
Get list of banned IPs
POST
/firewall:unbanIp
Unban IP address
POST
/firewall:enable
Enable firewall
POST
/firewall:disable
Disable firewall
/fail2ban
Partially update Fail2Ban settings
/mail-settings
Partially update mail settings
DELETE
/mail-settings
Reset mail settings
GET
/mail-settings:getDefault
Get default values
GET
/mail-settings:getDiagnostics
Get mail settings diagnostics
GET
/mail-settings:getOAuth2Url
Get OAuth2 authorization URL
POST
/mail-settings:refreshToken
Refresh OAuth2 token
POST
/mail-settings:testConnection
Test SMTP server connection
POST
/mail-settings:sendTestEmail
Send test email
/storage:mount
Mount storage device
POST
/storage:umount
Unmount storage device
POST
/storage:mkfs
Format storage device
POST
/storage:statusMkfs
Get formatting status
/s3-storage
Partially update S3 configuration
GET
/s3-storage:stats
Get S3 synchronization statistics
GET
/s3-storage:testConnection
Test S3 connection
/modules/{id}
Get module by ID
PUT
/modules/{id}
Update module
PATCH
/modules/{id}
Partially update module
DELETE
/modules/{id}
Delete module
GET
/modules/{id}:getModuleInfo
Get module information
GET
/modules/{id}:getModuleLink
Get module download link
GET
/modules/{id}:getDownloadStatus
Get download status
POST
/modules/{id}:startDownload
Start module download
POST
/modules/{id}:installFromRepo
Install module from repository
POST
/modules:installFromPackage
Install module from package
POST
/modules:getMetadataFromPackage
Get metadata from package
POST
/modules/{id}:enable
Enable module
POST
/modules/{id}:disable
Disable module
POST
/modules/{id}:uninstall
Uninstall module
POST
/modules:updateAll
Update all modules
GET
/modules:getAvailableModules
Get available modules
GET
/modules:getInstallationStatus
Get installation status
GET
/modules:getDefault
Get default module settings
/license:resetKey
Reset license key
GET
/license:sendPBXMetrics
Send PBX metrics
POST
/license:captureFeatureForProductId
Capture feature for product
POST
/license:processUserRequest
Process user request
/files/{id}
Delete file
POST
/files:upload
Upload file (chunked)
GET
/files:uploadStatus
Check upload status
POST
/files:downloadFirmware
Download firmware
GET
/files:firmwareStatus
Check firmware download status
/sysinfo:getHypervisorInfo
Get hypervisor information
GET
/sysinfo:getDMIInfo
Get DMI information
/syslog:getLogTimeRange
Get log time range
POST
/syslog:eraseFile
Clear log file
POST
/syslog:startCapture
Start packet capture
POST
/syslog:stopCapture
Stop packet capture
POST
/syslog:prepareArchive
Prepare log archive
POST
/syslog:downloadArchive
Download log archive
POST
/syslog:downloadLogFile
Download log file
/openapi:getDetailedPermissions
Get detailed permissions list
GET
/openapi:getSimplifiedPermissions
Get simplified permissions list
GET
/openapi:getValidationSchemas
Get validation schemas
POST
/openapi:clearCache
Clear OpenAPI cache
GET
/employees
Get list of employees
POST
/employees
Create a new employee
GET
/extensions
Get list of extensions
GET
/extensions/{id}
Get extension by ID
GET
/sip-providers
Get list of SIP providers
POST
/sip-providers
Create SIP provider
GET
/iax-providers
Get list of IAX providers
POST
/iax-providers
Create IAX provider
GET
/providers
Get list of all providers
GET
/providers/{id}
Get provider by ID
GET
/call-queues
Get list of queues
POST
/call-queues
Create a new queue
GET
/ivr-menu
Get list of IVR menus
POST
/ivr-menu
Create a new IVR menu
GET
/incoming-routes
Get list of incoming routes
POST
/incoming-routes
Create incoming route
GET
/outbound-routes
Get list of outbound routes
POST
/outbound-routes
Create outbound route
GET
/off-work-times
Get list of time conditions
POST
/off-work-times
Create time condition
GET
/conference-rooms
Get list of conference rooms
POST
/conference-rooms
Create conference room
GET
/dialplan-applications
Get list of dialplan applications
POST
/dialplan-applications
Create dialplan application
GET
/sound-files
Get list of sound files
POST
/sound-files
Create sound file
GET
/custom-files
Get list of custom files
POST
/custom-files
Create new custom file
GET
/pbx-status:getActiveCalls
Get active calls
GET
/pbx-status:getActiveChannels
Get active channels
GET
/sip:getStatuses
Get statuses of all SIP devices
GET
/sip:getPeersStatuses
Get SIP peer statuses (legacy)
GET
/sip-providers:getStatuses
Get statuses of all SIP providers
GET
/sip-providers/{id}:getStatus
Get SIP provider status
GET
/iax-providers:getStatuses
Get statuses of all IAX providers
GET
/iax-providers/{id}:getStatus
Get IAX provider status
GET
/providers:getStatuses
Get statuses of all providers
GET
/providers/{id}:getStatus
Get provider status
GET
/cdr
Get list of CDR records
GET
/cdr/{id}
Get CDR record by ID
GET
/advice:getList
Get list of system notifications
GET
/advice:refresh
Refresh notification cache
POST
/auth:login
Log in to the system
POST
/auth:refresh
Refresh access token
GET
/api-keys
Get list of API keys
POST
/api-keys
Create a new API key
GET
/asterisk-managers
Get list of AMI users
POST
/asterisk-managers
Create a new AMI user
GET
/asterisk-rest-users
Get list of ARI users
POST
/asterisk-rest-users
Create a new ARI user
GET
/passkeys
Get list of passkeys
POST
/passkeys
Create a new passkey
GET
/passwords:generate
Generate password
POST
/passwords:validate
Validate password strength
GET
/users:available
Check email availability
GET
/network-filters
Get list of network filters
GET
/network-filters/{id}
Get network filter by ID
GET
/system:ping
Check system availability
GET
/system:checkAuth
Check authentication
GET
/general-settings
Get general settings
PUT
/general-settings
Update general settings
GET
/network
Get list of network interfaces
GET
/network/{id}
Get network interface by ID
GET
/firewall
Get list of firewall rules
POST
/firewall
Create firewall rule
GET
/fail2ban
Get Fail2Ban settings
PUT
/fail2ban
Update Fail2Ban settings
GET
/time-settings:getAvailableTimezones
Get list of available timezones
GET
/mail-settings
Get mail settings
PUT
/mail-settings
Update mail settings
GET
/storage:usage
Get storage usage statistics
GET
/storage:list
Get list of available storage devices
GET
/s3-storage
Get S3 storage configuration
PUT
/s3-storage
Update S3 storage configuration
GET
/modules
Get list of modules
POST
/modules
Create module
GET
/license:getLicenseInfo
Get license information
GET
/license:ping
Check license server connection
GET
/files/{id}
Get file contents
PUT
/files/{id}
Upload/update file
GET
/sysinfo:getInfo
Get system information
GET
/sysinfo:getExternalIpInfo
Get external IP address
GET
/syslog:getLogsList
Get list of log files
POST
/syslog:getLogFromFile
Get log file contents
GET
/openapi:getSpecification
Get OpenAPI specification
GET
/openapi:getAclRules
Get API ACL rules
GET
/search:getSearchItems
Global search
GET
/wiki-links:getLink
Get documentation link
POST
/user-page-tracker:pageView
Track page view
POST
/user-page-tracker:pageLeave
Track page leave
Section "System" -> "API Keys" in MikoPBX web-interface
"API Documentation" button in the API Keys section
Navigation menu
Endpoint description with request parameters and body example
Request example in Python and server response example
