Deployment
Install Asterisk on Ubuntu (Latest Versions): Complete Production Guide
A complete, production-ready guide to install Asterisk on Ubuntu (latest versions): build from source, configure PJSIP basics, open SIP/RTP ports, enable systemd service, and verify calls end-to-end.
Install Asterisk on Ubuntu (Latest Versions): Complete Production Guide
This guide is written for modern Asterisk (PJSIP era). It is safe for production if you follow the firewall and service steps carefully.
Goal: Install Asterisk cleanly on Ubuntu, enable it as a service, open SIP/RTP ports, and verify basic PJSIP functionality.
Recommended for: Asterisk + FreePBX users, dialplan learners, and systems integrating via ARI/AMI (like MYLINEHUB VoiceBridge).
Recommended for: Asterisk + FreePBX users, dialplan learners, and systems integrating via ARI/AMI (like MYLINEHUB VoiceBridge).
0) Before You Start (Reality Check)
- Ubuntu versions: Ubuntu 22.04 or 24.04 recommended.
- Server access: You need SSH root or sudo access.
- Network: You need a public IP or correct NAT setup if behind a router.
- Ports: SIP + RTP must be allowed (details below).
Important: If this server is directly exposed to the internet, do NOT open SIP to the whole world.
Restrict SIP (5060/5061) to your provider IPs and trusted office IPs.
1) Update OS and Install Build Dependencies
Update packages and install dependencies required to build Asterisk from source.
sudo apt update
sudo apt -y upgrade
sudo apt -y install \
build-essential wget curl git subversion \
libncurses5-dev libncursesw5-dev \
libssl-dev libedit-dev \
libxml2-dev uuid-dev \
libsqlite3-dev sqlite3 \
libjansson-dev \
libcurl4-openssl-dev \
libspeexdsp-dev \
pkg-config
Why source build? Source build keeps you aligned with latest Asterisk releases and modules.
If you prefer Ubuntu packages, you can install from apt, but production features and module selection are often better controlled via source.
2) Create Asterisk User (Recommended for Production)
Create a dedicated user and group for Asterisk.
sudo adduser --system --group --home /var/lib/asterisk asterisk
sudo usermod -aG audio,dialout asterisk3) Download Asterisk (Latest Branch) and Build
Choose a stable supported branch (commonly: 20 LTS, 22, or the latest stable release you want to standardize on).
Tip: If you are integrating with FreePBX, your FreePBX version may pin an Asterisk major version.
For pure Asterisk learning + custom dialplan + PJSIP, using a supported LTS is safest.
3.1 Download and Extract
cd /usr/src
# Replace the version if you want a different stable branch.
# Example shown uses Asterisk 20.x series tarball naming style.
# If you already have a tarball URL, use it here.
sudo wget -O asterisk.tar.gz https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20-current.tar.gz
sudo tar -xzf asterisk.tar.gz
cd asterisk-20*3.2 Install MP3 sources (optional)
sudo contrib/scripts/get_mp3_source.sh3.3 Configure + Select Modules
sudo contrib/scripts/install_prereq install
sudo ./configure
# Open module selector (optional but recommended)
sudo make menuselect
In menuselect, ensure you have the essentials:
- chan_pjsip enabled (PJSIP SIP channel)
- res_pjsip modules enabled
- codec_ulaw and codec_alaw (most common telephony codecs)
3.4 Build and Install
sudo make -j"$(nproc)"
sudo make install
sudo make samples
sudo make config
sudo ldconfig4) Permissions and Directory Ownership
Set ownership so Asterisk runs under the asterisk user.
sudo chown -R asterisk:asterisk /var/lib/asterisk
sudo chown -R asterisk:asterisk /var/log/asterisk
sudo chown -R asterisk:asterisk /var/spool/asterisk
sudo chown -R asterisk:asterisk /var/run/asterisk
sudo chown -R asterisk:asterisk /etc/asterisk5) Configure Asterisk to Run as asterisk User
Edit /etc/default/asterisk and /etc/asterisk/asterisk.conf.
5.1 /etc/default/asterisk
sudo nano /etc/default/asteriskAST_USER="asterisk"
AST_GROUP="asterisk"5.2 /etc/asterisk/asterisk.conf
sudo nano /etc/asterisk/asterisk.conf[options]
runuser = asterisk
rungroup = asterisk6) Start and Enable Asterisk (systemd)
sudo systemctl daemon-reload
sudo systemctl enable asterisk
sudo systemctl restart asterisk
sudo systemctl status asterisk --no-pager6.1 Enter Asterisk CLI
sudo asterisk -rvvv
If CLI opens and shows version + prompt, installation is successful.
7) Firewall: Open ONLY What You Need (SIP + RTP)
Typical Asterisk ports:
- SIP UDP 5060 (PJSIP or legacy SIP signaling, if using UDP)
- SIP TCP 5060 (optional)
- SIP TLS 5061 (optional, secure signaling)
- RTP UDP range (default often 10000-20000)
Security warning: Never open SIP to the entire internet unless you understand the risk.
Always restrict to trusted IPs (provider, office, VPN).
7.1 Confirm RTP Port Range
Check /etc/asterisk/rtp.conf:
sudo nano /etc/asterisk/rtp.conf[general]
rtpstart=10000
rtpend=200007.2 UFW Example (Restrict SIP to Provider IP)
Example: allow SIP only from a provider IP and allow RTP from provider media IPs (or your trusted SBC IP).
# Allow SSH (keep this!)
sudo ufw allow 22/tcp
# SIP from provider only (replace 1.2.3.4 with your provider IP)
sudo ufw allow from 1.2.3.4 to any port 5060 proto udp
# RTP range from provider only (replace 1.2.3.4 with your provider media IP)
sudo ufw allow from 1.2.3.4 to any port 10000:20000 proto udp
sudo ufw enable
sudo ufw status verbose
If your provider uses multiple IPs, allow them all.
If you have remote agents, use VPN and allow SIP/RTP only from VPN subnet.
8) Minimal PJSIP Sanity Check (Local Test)
This is a quick sanity check so you can confirm PJSIP modules load properly.
8.1 Confirm PJSIP modules loaded
sudo asterisk -rvvvmodule show like pjsip
pjsip show endpoints
If you see PJSIP modules and the commands work, PJSIP is available.
9) Basic Dialplan Sanity Check (Playback)
Even before adding real SIP phones, confirm dialplan engine works.
9.1 Edit extensions.conf
sudo nano /etc/asterisk/extensions.confAdd a small context like this:
[mylinehub-test]
exten => 6001,1,NoOp(MyLineHub Test - Playback demo)
same => n,Answer()
same => n,Playback(hello-world)
same => n,Hangup()9.2 Reload dialplan
dialplan reload
To actually hear playback you need a channel (SIP phone / trunk / Local channel).
But this confirms your config loads and dialplan reload works.
10) Common Problems and Quick Fixes
Problem A: "Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)"
- Check service:
sudo systemctl status asterisk - Check permissions:
ls -la /var/run/asterisk - Restart:
sudo systemctl restart asterisk
Problem B: SIP registers but no audio (one-way audio)
- Most common cause: NAT / firewall / RTP ports blocked.
- Confirm RTP range open (10000-20000 UDP).
- Confirm public IP settings (NAT configuration) in PJSIP transport settings when behind NAT.
- Use packet capture:
tcpdump -i any udp port 10000and confirm RTP hits the server.
Problem C: Getting hacked scans / auth failures
- Restrict SIP to provider IPs or VPN subnet.
- Use strong passwords.
- Consider Fail2ban.
- Disable what you do not use (TLS, TCP, guest endpoints).
11) What To Do Next (Your Course Flow)
Now that Asterisk is installed, continue in this order:
- Asterisk PJSIP: Setting up network
- Asterisk PJSIP: Setting up peers
- Dialplan fundamentals (Dial, Playback, variables)
- NAT + RTP debugging (Wireshark)
- Providers (inbound/outbound trunk)
- Queues + IVR
- AMI/ARI integration (if using VoiceBridge / automation)
MYLINEHUB Tip: If your goal is integration (VoiceBridge / ARI / CRM automation),
keep your Asterisk installation stable and focus on clean PJSIP endpoint matching, RTP port control,
and structured dialplan contexts. That makes higher-level systems reliable.
Try it
Want to see API-driven CRM + Telecom workflows in action? Try the WhatsApp bot or explore the demos.
Tip: Comment โTry the botโ on our YouTube videos to see automation in action.
Quick feedback
Was this helpful?
(Yes 0 โข No 0)
Reaction
Comments (0)
Be the first to comment.