How do I configure SIP profiles?

Create a user and extension, then set the SIP ID to `user@yourdomain.com` in your softphone.

What is the maximum concurrent call capacity on a typical VPS?

It depends on CPU and RAM; a 1 GB droplet comfortably handles 2-4 simultaneous calls.

How do I set up an external SIP trunk?

Add a gateway in FusionPBX with the trunk’s IP, port, username, and password, then add it to inbound/outbound routes.

What best practices secure FusionPBX beyond firewall and Fail2Ban?

Use SSH keys, change the NGINX cert, enable HTTPS, keep the system updated, and limit the number of extensions per tenant.

How to ensure voicemail-to-email works reliably?

Verify your mail server allows outbound SMTP, test a voicemail, and check the `/var/log/voicemail.log` for errors.

Can I install FusionPBX on Ubuntu 22.04?

Yes, the same script works; just use the Ubuntu pre-install script (`ubuntu/pre-install.sh`).

How do I upgrade FusionPBX after installation?

Run `fusionpbx-admin update` from the command line or use the *Updates* tab in the web UI.

Learn how to install and secure FusionPBX on a DigitalOcean VPS, set up extensions, softphones, voicemail-to-email, and a SIP trunk—all in a step-by-step guide.

How I Turned a DigitalOcean Droplet into a Full-Featured PBX with FusionPBX.

Published by Brav

Table of Contents

TL;DR

I launched a $5 DigitalOcean droplet, ran the FusionPBX install script, and had a web-based PBX up in less than 30 minutes.
A single firewall rule set and Fail2Ban locked out bots that would otherwise spam my SIP ports.
I added extensions, softphones, and voicemail-to-email through the FusionPBX GUI—all without writing a line of code.
The same process works on Debian, Ubuntu, FreeBSD, or CentOS, so you can pick whatever OS you’re comfortable with.
With a little extra configuration, I can connect to a SIP trunk and make real-world calls from the same system.

Why This Matters

Running a PBX is still a hard skill. Most small businesses and hobbyists fall into one of three traps:

They hit SIP ports and get hammered by bots. Anyone can ping your 5060 port and try to register as a malicious caller.
They struggle to get extensions and softphones working. Without a clear guide, the GUI is intimidating, and the softphone setup is a guessing game.
They can’t reach the public phone network. If you want to call a landline or mobile, you need an external SIP trunk, and that step is often skipped.

FusionPBX is designed to eliminate those headaches. By following a single, proven installation script and a few clear configuration steps, you can get a secure, multi-tenant PBX running on a cheap VPS in minutes. I’ll walk you through everything, from the initial install to securing the system and connecting your softphones.

Core Concepts

Component	What It Does	Why It Matters
FusionPBX	A web-based front end that talks to the FreeSWITCH engine.	It gives you a GUI for everything—extensions, voicemail, call routing, and more.
FreeSWITCH	The actual telephony engine that handles SIP, RTP, codecs, and call logic.	It’s the heart of the system; all calls flow through it.
NGINX	Web server that serves the FusionPBX UI over HTTPS.	Keeps the web interface fast and secure.
PostgreSQL	Database that stores users, extensions, and call logs.	Provides ACID guarantees and scales with your traffic.
Fail2Ban + iptables	Security layer that watches logs and bans bad IPs.	Blocks bot scans, brute-force login attempts, and SIP spam.
DNS A-record	Points your domain to the droplet’s IP.	Allows you to use a friendly URL instead of a raw IP.
SIP Trunk	Bridge between your PBX and the public telephone network.	Lets you make and receive calls to regular phone numbers.

These pieces fit together automatically when you run the script. If you’re new to Linux, that’s a huge relief—most of the heavy lifting is done for you.

How to Apply It

Below is the step-by-step recipe I use every time I spin up a new PBX. The commands are written for a fresh Debian 12 droplet, but the same logic works on Ubuntu, FreeBSD, or CentOS.

1. Spin Up the Droplet

Create a $5 DigitalOcean droplet (1 vCPU, 1 GB RAM, 25 GB SSD, 1 TB transfer). – Source: DigitalOcean — Droplet Pricing (2025).
Log in with SSH and make sure you’re root or have sudo privileges.

Tip: Use an SSH key instead of a password. SSH keys give you better security and simplify future logins.

2. Update the System

apt update && apt upgrade -y
apt install -y git lsb-release wget

3. Pull and Run the Install Script

wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/install.sh | sh

The script does everything else:

Installs FreeSWITCH, NGINX, PHP FPM, PostgreSQL, and Fail2Ban. – Source: FusionPBX — Quick Install (2025).
Configures a firewall that opens only the ports you need: SSH 22, HTTP 80/443/7443, SIP 5060-5091, RTP 16384-32768, and OpenVPN 1194 (if you use a VPN). – Source: FusionPBX — Security Configuration (2025).
Sets up Fail2Ban with jails for SSH, HTTP, and FreeSWITCH log files, protecting you from SIP bots and brute-force attacks. – Source: Same page as above.

The script also prints the droplet’s public IP. Copy that IP; you’ll need it when you set up SIP profiles.

4. Finish the Web Setup

Open a browser to https://. The first page will ask you to:

Pick an admin username and password.
Confirm the database password that the script just displayed.

You’re in! The FusionPBX dashboard is now live.

5. Create a Domain

If you want to use a custom domain (recommended), log into your DNS provider and add an A record that points pbx.yourdomain.com to the droplet’s IP. – Source: Nerd Vittles — Domain Setup (2025).

Next, open FusionPBX → Advanced → Access Controls → DNS and add the same domain. This ensures that all SIP traffic is authenticated against your domain name, not just an IP.

6. Add Users and Extensions

FusionPBX makes this a single click:

Go to Accounts → Users → Add.
Enter a name, set the password, and give the user the SuperAdmin role if you want full control.
Under Accounts → Extensions → Add, pick a number (e.g., 100) and attach it to the user you just created.

These extensions are what your softphones will register as. – Source: Nerd Vittles — Domain Setup (2025).

7. Configure Softphones

Twinkle (Linux)

Download from the Twinkle page. – Source: Twinkle — Softphone (2025).
Open the Profile Manager, click New, and fill in:
- SIP ID: [email protected]
- Password: the one you set for the user.
- SIP Server: your domain or public IP.
- RTP IP: the same IP.

Telephone (macOS)

Install from Softpedia. – Source: Telephone — Softphone (2025).
Create a profile exactly the same way Twinkle does.

Both softphones will now register successfully and show a line on the FusionPBX Status → Registrations page.

8. Set Up Call Routing and Voicemail

Call Routing – In FusionPBX → Inbound Routes → Add, choose the DID you want to use, then set the Destination to the desired extension.
Voicemail – In FusionPBX → Voicemail → Add, pick an extension, set a password, and add an email address. The system will automatically forward new voicemails to that email.

If you need to route all calls to a call group, create one in Ring Groups and then set it as the destination. – Source: FusionPBX — Features (2025).

9. Add an External SIP Trunk

Without a trunk, your PBX can only talk to other SIP devices on the same network. To dial a landline or mobile:

Sign up for a SIP trunk provider (many offer a free trial).
In FusionPBX → Gateway → Add, enter the provider’s IP, port, username, and password.
Add the gateway to your inbound and outbound routes. – Source: FusionPBX — SIP Trunking (2025).

10. Harden the System Further

Change the default NGINX SSL certificates to your own Let’s Encrypt cert.
Enable SSH key authentication only and disable password login in /etc/ssh/sshd_config.
Regularly update the server and FusionPBX (apt update && apt upgrade and fusionpbx-admin update).

Fail2Ban will already be watching the logs, but a fresh firewall rule set gives you peace of mind.

Pitfalls & Edge Cases

Pitfall	Why It Happens	Fix
SIP registration fails on public Wi-Fi	NAT or firewall blocks port 5060	Open the port in your local router or use a VPN.
Voicemail-to-email not working	Mail server blocked by ISP	Configure Postfix or use an external SMTP relay.
External SIP trunk drops calls	Outbound ports blocked	Open TCP 5060, UDP 5060, and the RTP range in the firewall.
Too many concurrent calls	Droplet RAM is 1 GB	Upgrade to a 2 GB or 4 GB droplet; FreeSWITCH can handle 8-10 calls per GB.
Hard to manage on FreeBSD	Script assumes Debian packages	Use the FreeBSD pre-install script from the GitHub repo.

If you run into any of these, the first place to check is the FusionPBX logs (under /var/log/fusionpbx/) and the Fail2Ban logs (/var/log/fail2ban.log). They usually point directly to the problem.

Quick FAQ

Question	Answer
How do I configure SIP profiles?	Create a user and extension, then set the SIP ID to [email protected] in your softphone.
What is the maximum concurrent call capacity on a typical VPS?	It depends on CPU and RAM; a 1 GB droplet comfortably handles 2-4 simultaneous calls.
How do I set up an external SIP trunk?	Add a gateway in FusionPBX with the trunk’s IP, port, username, and password, then add it to inbound/outbound routes.
What best practices secure FusionPBX beyond firewall and Fail2Ban?	Use SSH keys, change the NGINX cert, enable HTTPS, keep the system updated, and limit the number of extensions per tenant.
How to ensure voicemail-to-email works reliably?	Verify your mail server allows outbound SMTP, test a voicemail, and check the /var/log/voicemail.log for errors.
Can I install FusionPBX on Ubuntu 22.04?	Yes, the same script works; just use the Ubuntu pre-install script (ubuntu/pre-install.sh).
How do I upgrade FusionPBX after installation?	Run fusionpbx-admin update from the command line or use the Updates tab in the web UI.

Conclusion

If you’re an IT admin, small-business owner, or hobbyist who needs a phone system that works, is open source, and runs on a cheap VPS, FusionPBX is a solid choice. With the steps above, you’ll have:

A secure PBX that blocks bots automatically.
Extensions that work with Twinkle, Telephone, or any SIP softphone.
Voicemail that lands in your inbox.
Call routing and groups that can be expanded to a full call center.
The option to add a SIP trunk and dial out to the public network.

Who should use this?

Small teams that want an affordable, self-hosted PBX.
Developers who want to experiment with FreeSWITCH.
Network engineers who need a flexible, multi-tenant system.

Who shouldn’t?

Large enterprises that require SLA guarantees or dedicated support.
People who want zero configuration; the script does most of it, but you still need to manage extensions and trunks.

Give it a try, and let me know in the comments how your FusionPBX experience goes!

References

FusionPBX — Quick Install (2025) – https://docs.fusionpbx.com/en/latest/getting_started/quick_install.html
FusionPBX — Security Configuration (2025) – https://deepwiki.com/fusionpbx/fusionpbx-install.sh/8-security-configuration
Nerd Vittles — Domain Setup (2025) – https://nerdvittles.com/a-new-adventure-introducing-fusionpbx-again/
FusionPBX — Install Script (2025) – https://github.com/fusionpbx/fusionpbx-install.sh
FusionPBX — OS Support (2025) – https://blog.csdn.net/qq_34777982/article/details/125249253
Twinkle — Softphone (2025) – https://www.linuxlinks.com/Twinkle/
Telephone — Softphone (2025) – https://mac.softpedia.com/downloadTag/VOIP
DigitalOcean — Droplet Pricing (2025) – https://dev.to/devopsfundamentals/digitalocean-fundamentals-droplets-2497
FusionPBX — Features (2025) – https://docs.fusionpbx.com/en/latest/
FusionPBX — SIP Trunking (2025) – https://www.pbxforums.com/threads/using-fusionpbx-as-siptrunk-server.8359/
FreePBX — Overview (2025) – https://www.asterisk.org/downloads/

Last updated: December 18, 2025