We have fundamentally redesigned the approach to updating through the img file. This update method was triggered in the following cases:
Online update
Update using a local img file
Previously, the update was performed according to the following algorithm:
Uploading the img file to the PBX
Termination of active processes
Unmounting the disks
Writing the update file to the disk (dd)
Often, issues arose during the 3rd step. The system refused to unmount the disk, even if it was no longer utilizing its resources. As a result, problems occurred, and data could be lost.
In release 2022.3.15, a mechanism for creating a preliminary "snapshot" of the system partitions was added, allowing the system to be restored from a backup.
In release 2023.1.223, we changed the algorithm as follows:
Uploading the img file to the PBX
Restarting the PBX
Snapshot of the system disk
Writing the update file to the disk (BEFORE connecting the disks)
In addition, we implemented a mechanism to save a backup copy of the PBX's settings database to the storage disk. When modifications to the settings are made, a backup of the database will be created in the following path: /storage/usbdisk1/mikopbx/backup/db
The directory will store the last 5 versions:
This should increase fault tolerance and expand the system recovery capabilities in case of failures.
We upgraded fail2ban to version 1.0.2.
The mechanism for blocking IP addresses has been reworked.
In earlier releases, if there were password guessing attempts, access from the IP address was blocked to all PBX ports.
In release 2023.1.223, the mechanism was reworked. If password guessing occurs on port 5060, access will only be blocked to 5060+RTP range. Access to the web interface will remain open.
This can be useful when the PBX is in the cloud. We avoid blocking access to the station when an incorrect password is unintentionally entered. It will still be possible to access the web interface and remove the block.
The iptables rules have been reworked using -m multiport, which makes the output of iptables -L -n more understandable.
We have expanded the possibilities of customizing queues. An example of a queue dialplan:
Now it is possible to define a context through customization of system files:
In this context, you can perform arbitrary actions before the call is directed to the queue. Play a media file, set additional channel variables, send an email to the responsible person.
Several bugs related to call recording and call resumption have been fixed.
Now, in the employee's profile, there is an option to disable call recording:
All dialogs involving internal and mobile numbers of the employee will NOT be recorded. This can be useful for directors and other company executives.
An option to disable recording of all internal calls has been added. To do this, you should uncheck the flag in the "System" - "General Settings" - "Call Recording" - "Record Internal Calls".
The new interface for displaying the list of non-working time is more informative and compact:
Previously, to describe non-working time from 18:00 to 8:00, it was necessary to create two rules: 00:00 - 08:00 and 18:00 - 23:59. Now it is possible to specify a single rule 18:00 - 08:00:
This allows reducing the number of rules and organizing the schedule more efficiently.
We were often asked to provide the ability to configure different working schedules for different company departments. Now it is possible.
In the non-working time rule card, there is an option "Apply only to specific inbound routes". Now the rule can be linked to specific inbound routes. This option allows creating more flexible rules that will apply to specific company departments.
Example:
In this example, the rule will only apply to one company number.
A button has been added to the call history log to navigate to the call log:
Such logs can be passed to technical support for analysis of PBX behavior.
Extended filtering options have been added to the call log:
You can enter several substrings separated by the "&" symbol, and the log containing all listed substrings will be displayed.
Modules for connecting to Homer have been added to the Asterisk build. The modules can be configured through customization of system files.
A lot of work has been done on bug fixing. This version is considered stable. Tested on Ubuntu, Debian, with the main requirement being Linux 5 version.
New Instructions
Only the most important changes have been listed. The full list can be found in the release description.
We strive to make MikoPBX stable, easy to configure, and maintain. We hope it becomes a reliable tool for your company.
Published on 16.05.2024
The Linux kernel and system libraries have been updated to the latest available versions. Notably, the Linux kernel has been updated to version 6.6.1, and Asterisk has been updated to version 20.7.0.
All operations for installing and updating modules have been moved to the backend. A detailed card for each module now allows users to select the version for installation, view the version history, and read the change log. It is now possible to not only update a module but also roll back to a previous version.
Error display during installation, updates, enabling, and disabling modules has been optimized. Now, they appear next to the module in the table, rather than in the marketplace header.
An option to update all modules with a single button has been added.
In the previous release, a mechanism was introduced that automatically disables modules that encounter severe errors. Some users faced difficulties identifying the cause of a module's deactivation. Now, the reason is displayed next to the toggle, and clicking on the icon reveals the error message text.
Some paid modules required guaranteed connectivity to the licensing server to function. In the current release, an offline mode has been implemented where the system remembers the last state of the license and uses the cached state if there is no connectivity to the licensing server. This reduces failures in operating licensed modules.
The mechanism for automatic setup of MikoPBX during cloud installations has been standardized, and instructions have been updated for the following environments:
An automatic MTU detection mechanism has been added for operations in cloud environments.
After installation and full system boot, the serial console displays the authentication parameters.
Previously, after system installation, it would repeatedly check the environment for cloud configuration at every reboot. Now, after successful installation and any system setting changes, cloud provisioning is disabled.
The storage disk for installation in the cloud is connected automatically, which is convenient as there is no need to use an SSH console when deploying a new image.
When installing in the cloud, an SSH user with root privileges and an arbitrary name, usually set in the instance settings, is automatically added. If necessary, the username can be changed in the main system settings.
After cloud installation, the web interface login uses the username admin and a password that matches the unique instance identifier. On first login, the system will require the password to be changed.
Added the ability to set many MikoPBX parameters via environment variables, including network settings, administrator name and password, SSH keys, SSL keys for proper HTTPS operation, and much more.
Previously, the fail2ban mechanism, which automatically blocked the IP address of the attacker, was used for protection. By default, entering the wrong password three times was enough for the system to stop responding to browser requests. If active protection was disabled, it was possible to continuously guess passwords.
In the new version, a combined mechanism is used.
If the wrong password is entered, the system remembers the IP address and counts the attempts. If the wrong password is entered more than 10 times within 5 minutes, the password input form disappears, and an informational message is displayed instead.
If the brute force attempt continues through REST requests, the system blocks the attacker's IP address for HTTP interface access on the 14th attempt.
Added saving the state, sorting, and current page in the employee list. Optimized mechanisms for checking SIP passwords for security to reduce system load. Implemented an automatic adjustment mechanism for the number of rows per page depending on the screen size and resolution.
Optimized the configuration form, added the ability to allow the command action for manager accounts.
All necessary system and firewall settings and agent startup are now automatically performed along with the module's start. The configuration file code has been moved to the module form for easy editing. If the port number is changed in the zabbix configuration file, it is automatically passed to the Firewall settings section to manage access to this port at the subnet level.
The zabbix_agent binary is no longer included in the main delivery; it is now delivered as part of a separate module.
In MikoPBX, a bug has been fixed that sometimes did not redirect to the selected page after authentication.
Rights for all currently available extension modules have been described and grouped for easy administration.
Added pagination to the user list to facilitate managing call record filters and employee access rights. Added sorting by selected accounts in the filter.
In the setup form, tabs have been added, and a cross-search feature is now available in the table of blocked addresses.
Blocked addresses and reasons for blocking are grouped by IP address into a single line.
Module messages are now recorded in their own log files.
Added the ability to create a copy of a provider and routing settings with one click on the icon in the table.
This new feature allows adding a link to a calendar and using it as a source for non-working hours. Simply set periods with the busy status in your calendar, and all calls during these periods will be routed according to the non-working hours route.
The non-working hours mechanism has been revamped. Now, each rule is processed in an isolated context. Errors in the operation of non-working hours restrictions for providers (incoming routes) have been corrected.
During system updates, the mechanism for obtaining update scripts from the new image has been implemented, allowing for correct system updates, even if errors were found in this subsystem in previous releases.
All messages during the update process are duplicated to the serial console, allowing for logging the process or monitoring the update in real-time when the installation was performed in a system without access to the usual graphic console, especially in cloud installations.
Added a timer for booting from the LiveCD during system installation, similar to the Windows installer's prompt to boot from disk. Often, clients faced issues after installation when the disk was not ejected automatically, and the system continuously booted in recovery mode.
Optimized operation with NVMe disks; the previous release did not support installation on such disks.
When selecting the menu item - installation with the deletion of all settings, in the past release this did not work correctly and after the start, the system was automatically restored from backup. Now, not only the system partition is formatted but also the data storage disk.
In the new version, separate parameters for external SIP and SIP_TLS ports have been added to the network interface settings, from which port forwarding is performed on the network router. Added reference information with a list of current ports that need to be forwarded on the router when NAT support is enabled.
An option has been added that allows updating the router's IP address by making a request to an external resource at system boot. This eliminates problems when installing in the cloud, where the cloud environment does not pass information about the virtual machine's IP address.
We are gradually expanding the number of available languages in the interface; Thai has been added in this release. Many thanks to our translators.
In the call log, an automatic adjustment mechanism for the list size according to screen sizes has been implemented.
Implemented automatic cleaning of entries in the call history log according to the setting for deleting old records. Previously, only audio files were deleted.
Added a field for storing important information in the provider's card, such as account number, personal account address, provider contract number, list of used telephone numbers, etc.
Added the option to route a call to play a sound file in the incoming routing rules.
Implemented the ability to auto-answer during originate for MicroSIP and Telephone softphones.
In the advanced settings of the provider, it is now possible to specify DIAL_COMMAND parameters.
Added a log of CLI commands of Asterisk to a file on disk for storage.
For SSH session authorization by key, support for the ed25519 standard signature has been implemented.
The DHCP client supports receiving a list of custom Route routes in the staticroutes parameter.
In the previous version, some clients encountered the issue of hanging channels, as a result of which it was impossible to call some employees without restarting Asterisk. Now, the channel will be reset if no RTP packets are received within 30 seconds.
In the previous version, call forwarding to service numbers, such as voicemail, busy signal, forwarding to an employee by DID, and call termination, did not work correctly.
In some cases, when authorizing, an error of the Crypt() algorithm occurred when using simple passwords.
By default, a call queue waiting limit of 300 seconds was set without displaying this parameter in the interface, leading to an unexpected drop of calls hanging in the queue for more than 5 minutes.
Sometimes, the call recording did not continue after successful forwarding.
Optimized the mechanism for deleting temporary files, which sometimes led to system hang-ups during loading.
Fixed the error in selecting the transport for the PJSIP protocol, which led to the inoperability of the channel.
The for installing and updating MikoPBX in a Docker container have been completely updated. Added an example of automatic deployment of multiple containers on a single host, described a way to bypass Docker's limitations on passing a large range of RTP ports. Artificial limitations on working with kernel version 5+ have been removed; if the container starts and operates, then all is well.
If you want to help with translating the MikoPBX interface and modules, please .
In the new version of MikoPBX, we've made several interface and form improvements, allowing administrators to manage the server from tablets or even mobile phones. We tested form functionality in various resolutions and made the sidebar menu dynamic. If the screen is small, the menu is hidden, and unnecessary fields in tables are also hidden.
We made numerous changes to the MikoPBX code to enable user access management to different sections of the system, including hiding or showing form elements, menu items, and buttons. We also added support for multiple authentication methods and external module-based authentication, including domain login and password usage.
You can read more about the user access management module in its documentation.
The new domain synchronization module facilitates a bidirectional exchange of employee data and their contact numbers between the domain and MikoPBX. This module automates the data synchronization process, ensuring that the information in the domain remains up-to-date. When onboarding a new employee, their details are automatically integrated into the MikoPBX telephony system, with an available internal number being assigned.
You can read more about the ldap sync module in its documentation.
In the new version of MikoPBX, we expanded the API to manage the interface. Now, when you install additional modules, you can modify the web interface of existing forms, add tabs, buttons, and input fields.
For example, with the User Groups module, you can manage groups directly from the employee form.
You can also manage access rights and authentication data for employees directly from their card.
In the MikoPBX source code, we've made significant improvements and changes to ensure that class, method, and function descriptions follow best practices for JS and PHP development. We've organized complex classes separately from simpler ones and restructured some algorithms to work in the background.
We've introduced background tasks in the system to regularly check the complexity of passwords for SIP, AMI, and system access. Additionally, we've updated the general settings form to prevent "peeking" at previously set passwords.
The system settings now allow you to set the retention period for call recordings. You can choose from several standard values or disable the deletion of old recordings. In this case, recordings will be deleted only if the storage space drops below 500 megabytes, and they will be deleted starting from the oldest ones.
Installing MikoPBX inside a Docker container is one of the installation options. In the new release, we optimized the web interface and console menu, hiding menu items not used in the container installation.
We've also improved network settings, allowing you to specify the system's external address, particularly useful for complex network topologies with port forwarding to public addresses on systems deployed within the perimeter and installed inside Docker containers.
In some cases, more complex modifications to system files are required than simply adding text to the end of a configuration file. For instance, you may need to redistribute PJSIP account parameters while retaining the ability to configure the system through the web interface.
We've introduced a new approach to customization, where you can describe a Bash script that will execute each time the system generates a configuration file. This way, integrators can make precise changes to configuration files without developing additional modules.
For example, you can modify the pjsip.conf file and change the max_contacts parameter for all internal numbers, except one.
Or you can include additional lines of code within the dialplan in the extensions.conf file.
This tool adds flexibility to the customization capabilities of the system but may lead to complete system malfunction. We strongly recommend testing customization scripts on a copy of the working system.
You can see the script's result on the file contents tab, after the system completes the generation and script execution. For some files, this process takes 1-2 minutes, while others may require system restart.
The advice mechanism is now integrated with the notification mechanism. When changing the SSH password or encountering disk issues, the administrator will receive an email with details about the MikoPBX parameters in which the incident occurred. Previously, errors could only be checked after logging into the system, but now notifications are sent automatically.
In the future, additional metrics will be added to this system, including average CPU load, memory usage, issues with IP telephony provider registration, and critical kernel issues.
We've rewritten the marketplace's code, unified the tabs, and moved part of the modules to the backend. As you already know, MikoPBX is a free open-source system without any restrictions. We don't plan on changing this policy, but development requires resources. Therefore, we plan to monetize MikoPBX through the development and sale of our own and partner extensions in our app store.
In the latest update, we've made some changes to the interface of the section, combining module management and system registration into separate tabs in one section. Paid and free modules are now marked with different icons in the list. We've also optimized the module installation code and fixed all identified errors.
Under the hood, MikoPBX hides a lot of changes and improvements that allow the development of functional extensions. If you're proficient in PHP and JS programming languages, understand how Asterisk works, and have ideas for developing new modules or are already actively doing so, we invite you to join the developer channel on Telegram. Let's develop MikoPBX together!
We're gradually expanding the set of basic translations for the web interface. In the new release, we've added 2 new languages and are improving the others.
A huge thanks to our translators for their help:
Jochem Pluim
Secrieru Ion
Mikayil Isayev
Voutsas Theocharis
Everton Massen Goncalves
If you want to help with the translation of the MikoPBX interface and modules, follow this link.
When configuring calls, developing new applications, and analyzing issues, it's sometimes necessary to analyze system logs, which are available in the MikoPBX web interface. We have added a clear log file button that allows you to start your analysis with a clean slate.
In the current release, an API for quickly creating a large number of employees has been implemented. During testing, we described the algorithm for generating new employees in ChatGPT and conducted stress testing for creating 700 random accounts in different languages. It took about 1 minute to complete the load test, and it was successful.
You can read more about this case in detail here.
