flexisip.conf 17 KB
Newer Older
jehan's avatar
jehan committed
1 2 3 4 5 6 7 8 9 10 11 12
##
## This is the default Flexisip configuration file
##

##
## Some global settings of the flexisip proxy.
##
[global]
# Outputs very detailed logs
#  Default value: false
debug=false

jehan's avatar
jehan committed
13 14 15 16 17
# Automatically respawn flexisip in case of abnormal termination
# (crashes)
#  Default value: true
auto-respawn=true

jehan's avatar
jehan committed
18 19 20
# List of white space separated host names pointing to this machine.
# This is to prevent loops while routing SIP messages.
#  Default value: localhost
jehan's avatar
jehan committed
21
aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org
jehan's avatar
jehan committed
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

# List of white space separated SIP uris where the proxy must listen.Wildcard
# (*) can be used to mean 'all local ip addresses'. If 'transport'
# prameter is unspecified, it will listen to both udp and tcp. An
# local address to bind can be indicated in the 'maddr' parameter,
# while the domain part of the uris are used as public domain or
# ip address. Here some examples to understand:
# * listen on all local interfaces for udp and tcp, on standart
# port:
# 	transports=sip:*
# * listen on all local interfaces for udp,tcp and tls, on standart
# ports:
# 	transports=sip:* sips:*
# * listen on 192.168.0.29:6060 with tls, but public hostname is
# 'sip.linphone.org' used in SIP messages. Bind address won't appear:
# 	transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
#  Default value: sip:*
jehan's avatar
jehan committed
39 40
#transports=sip:192.168.56.101:5060  sips:192.168.56.101:5061
transports=sip:127.0.0.1:5060  sips:127.0.0.1:5061
jehan's avatar
jehan committed
41 42 43

# An absolute path of a directory where TLS server certificate and
# private key can be found, concatenated inside an 'agent.pem' file.
jehan's avatar
jehan committed
44
#  Default value: /etc/flexisip/tls
jehan's avatar
jehan committed
45
#tls-certificates-dir=/etc/flexisip/tls
jehan's avatar
jehan committed
46
#tls-certificates-dir=/media/sf_workspaces/workspace-macosx/flexisip
jehan's avatar
jehan committed
47
tls-certificates-dir=/Users/jehanmonnier/workspaces/workspace-sip-parser/linphone-private/tester/certificates
jehan's avatar
jehan committed
48 49 50 51 52 53 54 55 56

##
## STUN server parameters.
##
[stun-server]
# Enable or disable stun server.
#  Default value: true
enabled=true

jehan's avatar
jehan committed
57 58 59 60
# Local ip address where to bind the socket.
#  Default value: 0.0.0.0
bind-address=0.0.0.0

jehan's avatar
jehan committed
61 62 63 64
# STUN server port number.
#  Default value: 3478
port=3478

jehan's avatar
jehan committed
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
##
## DOS protection parameters.
##
[dos-protection]
# Enable or disable DOS protection using IPTables firewall.
#  Default value: false
enabled=false

# List of whitelist IPs which won't be affected by DOS protection.
#  Default value: 127.0.0.1
authorized-ip=127.0.0.1

# Local ports to protect.
#  Default value: 5060
port=5060

# Time (in seconds) while an IP have to not send any packet in order
# to leave the blacklist.
#  Default value: 60
ban-duration=60

# Number of packets authorized in 1sec before considering them as
# DOS attack.
#  Default value: 20
packets-limit=20

# Maximal amount of simultaneous connections to accept.
#  Default value: 1000
maximum-connections=1000
jehan's avatar
jehan committed
94 95 96 97 98 99 100 101 102 103 104

##
## The NatHelper module executes small tasks to make SIP work smoothly
## despite firewalls.It corrects the Contact headers that contain
## obviously inconsistent addresses, and adds a Record-Route to ensure
## subsequent requests are routed also by the proxy, through the
## UDP or TCP channel each client opened to the proxy.
##
[module::NatHelper]
# Indicate whether the module is activated.
#  Default value: true
jehan's avatar
jehan committed
105
enabled=true
jehan's avatar
jehan committed
106

jehan's avatar
jehan committed
107 108 109 110 111 112
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
113

jehan's avatar
jehan committed
114 115 116 117
# Internal URI parameter added to response contact by first proxy
# and cleaned by last one.
#  Default value: verified
contact-verified-param=verified
jehan's avatar
jehan committed
118 119 120 121 122 123 124 125 126 127

##
## The authentication module challenges SIP requests according to
## a user/password database.
##
[module::Authentication]
# Indicate whether the module is activated.
#  Default value: false
enabled=true

jehan's avatar
jehan committed
128 129 130 131 132
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
jehan's avatar
jehan committed
133
filter= from.uri.domain contains 'sip.example.org' || from.uri.domain contains 'auth.example.org' || from.uri.domain contains 'auth1.example.org' || from.uri.domain contains 'auth2.example.org' 
jehan's avatar
jehan committed
134 135 136 137

# List of whitespace separated domain names to challenge. Others
# are denied.
#  Default value: 
jehan's avatar
jehan committed
138
auth-domains= sip.example.org auth.example.org auth1.example.org auth2.example.org
jehan's avatar
jehan committed
139 140 141 142 143 144 145 146 147 148

# List of whitespace separated IP which will not be challenged.
#  Default value: 
trusted-hosts=

# Database backend implementation [odbc, file].
#  Default value: odbc
db-implementation=file

# Odbc connection string to use for connecting to database. ex1:
jehan's avatar
jehan committed
149
# DSN=myodbc3; where 'myodbc3' is the datasource name. ex2: DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3;
jehan's avatar
jehan committed
150 151 152 153 154
# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file
# containing one 'user@domain password' by line.
#  Default value: 
datasource=./userdb.conf

jehan's avatar
jehan committed
155 156 157 158
# Odbc SQL request to execute to obtain the password 
# . Named parameters are :id (the user found in the from header),
# :domain (the authorization realm) and :authid (the authorization
# username). The use of the :id parameter is mandatory.
jehan's avatar
jehan committed
159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196
#  Default value: select password from accounts where id = :id and domain = :domain and authid=:authid
request=select password from accounts where id = :id and domain = :domain and authid=:authid

# Maximum length of the login column in database.
#  Default value: 100
max-id-length=100

# Maximum length of the password column in database
#  Default value: 100
max-password-length=100

# Use pooling in odbc
#  Default value: true
odbc-pooling=true

# Display timing statistics after this count of seconds
#  Default value: 0
odbc-display-timings-interval=0

# Display timing statistics once the number of samples reach this
# number.
#  Default value: 0
odbc-display-timings-after-count=0

# Retrieve passwords asynchronously.
#  Default value: false
odbc-asynchronous=false

# Duration of the validity of the credentials added to the cache
# in seconds.
#  Default value: 1800
cache-expire=1800

# Retrieve password immediately so that it is cached when an authenticated
# request arrives.
#  Default value: true
immediate-retrieve-password=true

jehan's avatar
jehan committed
197 198
# True if retrieved passwords from the database are hashed. HA1=MD5(A1)
# = MD5(username:realm:pass).
jehan's avatar
jehan committed
199 200 201
#  Default value: false
hashed-passwords=false

jehan's avatar
jehan committed
202 203 204 205
# When receiving a proxy authenticate challenge, generate a new
# challenge for this proxy.
#  Default value: false
new-auth-on-407=false
jehan's avatar
jehan committed
206

jehan's avatar
jehan committed
207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242
##
## ...
##
[module::GatewayAdapter]
# Indicate whether the module is activated.
#  Default value: false
enabled=false

# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=

# A gateway uri where to send all requests, as a SIP url (eg 'sip:gateway.example.net')
#  Default value: 
gateway=

# Modify the from and to domains of incoming register
#  Default value: 
gateway-domain=

# The gateway will be added to the incoming register contacts.
#  Default value: true
fork-to-gateway=true

# Send a REGISTER to the gateway using this server as a contact
# in order to be notified on incoming calls by the gateway.
#  Default value: true
register-on-gateway=true

# Parameter name hosting the incoming domain that will be sent in
# the register to the gateway.
#  Default value: routing-domain
routing-param=routing-domain
jehan's avatar
jehan committed
243 244 245 246 247 248 249 250 251 252 253

##
## The Registrar module accepts REGISTERs for domains it manages,
## and store the address of record in order to route other requests
## destinated to the client who registered.
##
[module::Registrar]
# Indicate whether the module is activated.
#  Default value: true
enabled=true

jehan's avatar
jehan committed
254 255 256 257 258 259
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
260 261 262 263

# List of whitelist separated domain names to be managed by the
# registrar.
#  Default value: localhost
jehan's avatar
jehan committed
264
reg-domains=localhost sip.example.org sipopen.example.org auth1.example.org sip2.linphone.org
jehan's avatar
jehan committed
265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280

# Maximum number of registered contacts of an address of record.
#  Default value: 15
max-contacts-by-aor=15

# List of contact uri parameters that can be used to identify a
# user's device. 
#  Default value: line
unique-id-parameters=line

# Maximum expire time for a REGISTER, in seconds.
#  Default value: 86400
max-expires=86400

# Minimum expire time for a REGISTER, in seconds.
#  Default value: 60
281
min-expires=1
jehan's avatar
jehan committed
282

jehan's avatar
jehan committed
283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382
# File containing the static records to add to database at startup.
# Format: one 'sip_uri contact_header' by line. Example:
# <sip:contact@domain> <sip:127.0.0.1:5460>,<sip:192.168.0.1:5160>
#  Default value: 
static-records-file=

# Timeout in seconds after which the static records file is re-read
# and the contacts updated.
#  Default value: 600
static-records-timeout=600

# Implementation used for storing address of records contact uris.
# [redis-async, redis-sync, internal]
#  Default value: internal
db-implementation=internal

# Store and retrieve contacts without using the domain.
#  Default value: false
use-global-domain=false

# Fork messages to all registered devices
#  Default value: true
fork=true

# Force forking and thus the creation of an outgoing transaction
# even when only one contact found
#  Default value: true
stateful=true

# Fork invites to late registers
#  Default value: false
fork-late=false

# Only forward one response of forked invite to the caller
#  Default value: true
fork-one-response=true

# All the forked have to decline in order to decline the caller
# invite
#  Default value: false
fork-no-global-decline=false

# Maximum duration for delivering a message (text)
#  Default value: 3600
message-delivery-timeout=3600

# Generate a contact from the TO header and route it to the above
# destination. [sip:host:port]
#  Default value: 
generated-contact-route=

# Require presence of authorization header for specified realm.
# [Realm]
#  Default value: 
generated-contact-expected-realm=

##
## This module performs push notifications
##
[module::PushNotification]
# Indicate whether the module is activated.
#  Default value: false
enabled=false

# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=

# Number of second to wait before sending a push notification to
# device(if <=0 then disabled)
#  Default value: 5
timeout=5

# Maximum number of notifications queued for each client
#  Default value: 10
max-queue-size=10

# Enable push notification for apple devices
#  Default value: true
apple=true

# Path to directory where to find Apple Push Notification service
# certificates. They should bear the appid of the application, suffixed
# by the release mode and .pem extension. For example: org.linphone.dev.pem
# org.linphone.prod.pem com.somephone.dev.pem etc... The files should
# be .pem format, and made of certificate followed by private key.
#  Default value: /etc/flexisip/apn
apple-certificate-dir=/etc/flexisip/apn

# Enable push notification for android devices
#  Default value: true
google=true

# List of couple projectId:ApiKey for each android project which
# support push notifications
#  Default value: 
google-projects-api-keys=
jehan's avatar
jehan committed
383 384 385 386 387 388 389 390 391 392 393 394 395 396

##
## The purpose of the ContactRouteInserter module is to masquerade
## the contact header of incoming registers that are not handled
## locally (think about flexisip used as a SBC gateway) in such a
## way that it is then possible to route back outgoing invites to
## the original address. It is a kind of similar mechanism as Record-Route,
## but for REGISTER.
##
[module::ContactRouteInserter]
# Indicate whether the module is activated.
#  Default value: true
enabled=false

jehan's avatar
jehan committed
397 398 399 400 401 402
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
403 404 405 406 407 408 409 410 411 412 413 414 415 416

# Hack for workarounding Nortel CS2k gateways bug.
#  Default value: false
masquerade-contacts-for-invites=false

##
## This module performs load balancing between a set of configured
## destination proxies.
##
[module::LoadBalancer]
# Indicate whether the module is activated.
#  Default value: false
enabled=false

jehan's avatar
jehan committed
417 418 419 420 421 422
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438

# Whitespace separated list of sip routes to balance the requests.
# Example: <sip:192.168.0.22> <sip:192.168.0.23>
#  Default value: 
routes=

##
## The MediaRelay module masquerades SDP message so that all RTP
## and RTCP streams go through the proxy. The RTP and RTCP streams
## are then routed so that each client receives the stream of the
## other. MediaRelay makes sure that RTP is ALWAYS established, even
## with uncooperative firewalls.
##
[module::MediaRelay]
# Indicate whether the module is activated.
#  Default value: true
jehan's avatar
jehan committed
439 440 441 442 443 444 445 446 447 448 449 450 451
enabled=false

# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=

# SDP attribute set by the first proxy to forbid subsequent proxies
# to provide relay.
#  Default value: nortpproxy
nortpproxy=nortpproxy
jehan's avatar
jehan committed
452

jehan's avatar
jehan committed
453 454 455
# Set the RTP direction during early media state (duplex, forward)
#  Default value: duplex
early-media-rtp-dir=duplex
jehan's avatar
jehan committed
456

jehan's avatar
jehan committed
457 458 459 460 461 462 463 464 465 466 467 468
# The minimal value of SDP port range
#  Default value: 1024
sdp-port-range-min=1024

# The maximal value of SDP port range
#  Default value: 65535
sdp-port-range-max=65535

# Enable I-frame only filtering for video H264 for clients annoucing
# a total bandwith below this value expressed in kbit/s. Use 0 to
# disable the feature
#  Default value: 0
469
#h264-filtering-bandwidth=0
jehan's avatar
jehan committed
470

jehan's avatar
jehan committed
471 472
# When above option is activated, keep one I frame over this number.
#  Default value: 1
473
#h264-iframe-decim=1
jehan's avatar
jehan committed
474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493

##
## The purpose of the Transcoder module is to transparently transcode
## from one audio codec to another to make the communication possible
## between clients that do not share the same set of supported codecs.
## Concretely it adds all missing codecs into the INVITEs it receives,
## and adds codecs matching the original INVITE into the 200Ok. Rtp
## ports and addresses are masqueraded so that the streams can be
## processed by the proxy. The transcoding job is done in the background
## by the mediastreamer2 library, as consequence the set of supported
## codecs is exactly the the same as the codec set supported by mediastreamer2,
## including the possible plugins you may installed to extend mediastreamer2.
## WARNING: this module can conflict with the MediaRelay module as
## both are changin the SDP. Make sure to configure them with different
## to-domains or from-domains filter if you want to enable both of
## them.
##
[module::Transcoder]
# Indicate whether the module is activated.
#  Default value: false
jehan's avatar
jehan committed
494
enabled=false
jehan's avatar
jehan committed
495

jehan's avatar
jehan committed
496 497 498 499 500 501
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
502 503 504 505 506 507 508 509 510 511 512 513 514

# Nominal size of RTP jitter buffer, in milliseconds. A value of
# 0 means no jitter buffer (packet processing).
#  Default value: 0
jb-nom-size=0

# Whitespace separated list of user-agent strings for which audio
# rate control is performed.
#  Default value: 
rc-user-agents=

# Whitespace seprated list of audio codecs, in order of preference.
#  Default value: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000
jehan's avatar
jehan committed
515
audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000
jehan's avatar
jehan committed
516

jehan's avatar
jehan committed
517 518 519 520 521
# If true, retransmissions of INVITEs will be blocked. The purpose
# of this option is to limit bandwidth usage and server load on
# reliable networks.
#  Default value: false
block-retransmissions=false
jehan's avatar
jehan committed
522 523 524 525 526 527 528 529 530 531

##
## This module executes the basic routing task of SIP requests and
## pass them to the transport layer. It must always be enabled.
##
[module::Forward]
# Indicate whether the module is activated.
#  Default value: true
enabled=true

jehan's avatar
jehan committed
532 533 534 535 536 537
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
538 539 540

# A sip uri where to send all requests
#  Default value: 
jehan's avatar
jehan committed
541
route=
jehan's avatar
jehan committed
542 543 544 545 546

# Rewrite request-uri's host and port according to above route
#  Default value: false
rewrite-req-uri=false