What's pre-configured on a fresh LYLIX ViciBox VPS and what's left for you

A freshly deployed ViciBox® VPS arrives with the install already done — openSUSE Leap base, Vicidial® stack installed, Asterisk® configured, MariaDB seeded, Apache serving the admin GUI. Cloud-init runs a per-clone first-boot pass before you log in that handles the parts that would otherwise be a manual half-hour. This article is the short version of what's pre-done and what isn't.

What first-boot does for you

• IP rewrite. The template's hardcoded management IP is replaced everywhere it appears — ADMIN_update_server_ip.pl --auto walks Vicidial's databases and config files. By the time you log in, the GUI and Asterisk are bound to your actual public IP.
• Vicidial admin password rotated. A fresh alphanumeric password is generated for the 6666 admin user and delivered in your welcome email. The default vicidial password is gone.
• HTTPS certificate. A 4096-bit self-signed cert is regenerated per-clone (10-year TTL, SAN includes your IP and hostname). Apache reloads after.
• HTTP → HTTPS redirect. Inserted into the default Apache vhost so the admin password doesn't go over the wire in cleartext on first visit.
• qemu-guest-agent. Started, so portal-side snapshots and stats work.
• fstrim weekly. Enabled so the host's thin-provisioned storage reclaims freed blocks instead of slowly inflating forever.

You can verify first-boot ran clean by looking at /var/log/vps-init.log on the VPS. Each step logs a [vps-init] line; "firstboot complete" at the bottom means no errors.

What's NOT done — your job before going live

1. Replace the self-signed certificate

The auto-generated cert keeps the admin login out of cleartext, but agents will see browser warnings. If you have a real hostname pointing at the VPS, install a proper certificate via certbot --apache or by dropping your own cert/key into /etc/apache2/ssl.crt/ and /etc/apache2/ssl.key/. Re-run apache2ctl configtest and systemctl reload apache2. WebRTC agent stations (if you use them) will refuse to connect to a self-signed WSS endpoint, so this is gated for that.

2. Add at least one outbound trunk

The base install has no carrier configured. See the carrier-trunks KB article for sizing math and a carrier shortlist. If you're just testing, a single-port registration to Telnyx or VoIP.ms is enough to place outbound test calls; predictive dialing needs many more ports than that and is sized by your traffic plan, not your agent count.

3. Configure your campaign(s) and lists

Admin GUI → Campaigns. Skim the list of "DEMO" campaigns the install ships with — they're useful for verifying audio end-to-end with a single agent, but you'll want to deactivate or delete them before going live so a misclick can't dial your real list under DEMO settings (callerid="UNKNOWN", abandon rate uncapped, recording off).

4. DNC scrub and list ingestion

If you're dialing leads you sourced yourself, scrub against the federal DNC list and any state lists you need (see TCPA / recording compliance article). Load lists via Admin → Lists → Load New List File; pay attention to the field-mapping screen — a misaligned column puts phone numbers in the address field and you'll waste your trunk allocation calling junk.

5. Recording storage plan

Default recording path is /var/spool/asterisk/monitorDONE/. On a single-VPS install this fills up fast — figure ~1 MB per minute per call (WAV) or ~150 KB per minute (gsm). Decide upfront whether you're auto-shipping recordings off-host (rsync / S3-compatible) or capping retention at N days with a cleanup cronjob.

6. Firewall on the SIP and ESL ports

Vicidial's Asterisk listens on UDP/5060 (SIP) and the manager interface on TCP/5038 (ESL/AMI). Both are open by default on the LYLIX VPS firewall — fine if you're allowlisting your carrier and your agents at the application layer, NOT fine if you leave them wide open to the internet. Either tighten in the LYLIX portal's firewall tab or use openSUSE's firewalld on the VPS itself.

7. Agent stations

You don't deploy a ViciBox VPS without agents on the other end. Pick your agent setup model — hardphone, softphone, or WebRTC — and provision them. See the agent-stations and webrtc articles.

Quick sanity test — first 5 minutes

1. Log in to https://<your-ip>/vicidial/ as user 6666 with the password from your welcome email.
2. Admin → Servers → confirm the listed server IP is your actual public IP (first-boot rewrote it, but verify).
3. Admin → System Settings → confirm Active=Y.
4. SSH in. Run asterisk -rx "core show channels" — should return cleanly (probably 0 active channels).
5. SSH-side, check tail -n 30 /var/log/asterisk/messages for any SIP registration failures or unexpected errors.

If all four are clean, the platform's ready. The rest is your configuration.

Snapshots before you experiment

Take a snapshot from the LYLIX portal before your first carrier addition and before your first dialplan change — Vicidial config mistakes can wedge the system in non-obvious ways (dropped channels, GUI loops). Snapshot rollback is a few seconds; rebuilding lost work is hours.