flexisip.conf 16.5 KB
Newer Older
jehan's avatar
jehan committed
1 2 3 4 5 6 7 8 9 10
##
## This is the default Flexisip configuration file
##

##
## Some global settings of the flexisip proxy.
##
[global]
# Outputs very detailed logs
#  Default value: false
11
debug=1
jehan's avatar
jehan committed
12

13 14 15 16 17
# Automatically respawn flexisip in case of abnormal termination
# (crashes)
#  Default value: true
auto-respawn=true

jehan's avatar
jehan committed
18 19 20
# List of white space separated host names pointing to this machine.
# This is to prevent loops while routing SIP messages.
#  Default value: localhost
21
aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org client.example.org
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

# List of white space separated SIP uris where the proxy must listen.Wildcard
# (*) can be used to mean 'all local ip addresses'. If 'transport'
# prameter is unspecified, it will listen to both udp and tcp. An
# local address to bind can be indicated in the 'maddr' parameter,
# while the domain part of the uris are used as public domain or
# ip address. Here some examples to understand:
# * listen on all local interfaces for udp and tcp, on standart
# port:
# 	transports=sip:*
# * listen on all local interfaces for udp,tcp and tls, on standart
# ports:
# 	transports=sip:* sips:*
# * listen on 192.168.0.29:6060 with tls, but public hostname is
# 'sip.linphone.org' used in SIP messages. Bind address won't appear:
# 	transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
#  Default value: sip:*
jehan's avatar
jehan committed
39
#transports=sip:192.168.56.101:5060  sips:192.168.56.101:5061
jehan's avatar
jehan committed
40
transports=sip:*:5060  sips:*:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:*:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:*:5063;require-peer-certificate=1 sip:*:5064
41 42
# An absolute path of a directory where TLS server certificate and
# private key can be found, concatenated inside an 'agent.pem' file.
jehan's avatar
jehan committed
43
#  Default value: /etc/flexisip/tls
44
tls-certificates-dir=./certificates/cn
jehan's avatar
jehan committed
45
#tls-certificates-dir=/media/sf_workspaces/workspace-macosx/flexisip
jehan's avatar
jehan committed
46 47 48 49 50 51 52 53 54

##
## STUN server parameters.
##
[stun-server]
# Enable or disable stun server.
#  Default value: true
enabled=true

55 56 57 58
# Local ip address where to bind the socket.
#  Default value: 0.0.0.0
bind-address=0.0.0.0

jehan's avatar
jehan committed
59 60 61 62
# STUN server port number.
#  Default value: 3478
port=3478

63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
##
## DOS protection parameters.
##
[dos-protection]
# Enable or disable DOS protection using IPTables firewall.
#  Default value: false
enabled=false

# List of whitelist IPs which won't be affected by DOS protection.
#  Default value: 127.0.0.1
authorized-ip=127.0.0.1

# Local ports to protect.
#  Default value: 5060
port=5060

# Time (in seconds) while an IP have to not send any packet in order
# to leave the blacklist.
#  Default value: 60
ban-duration=60

# Number of packets authorized in 1sec before considering them as
# DOS attack.
#  Default value: 20
packets-limit=20

jehan's avatar
jehan committed
89 90 91 92 93 94 95 96 97 98 99

##
## The NatHelper module executes small tasks to make SIP work smoothly
## despite firewalls.It corrects the Contact headers that contain
## obviously inconsistent addresses, and adds a Record-Route to ensure
## subsequent requests are routed also by the proxy, through the
## UDP or TCP channel each client opened to the proxy.
##
[module::NatHelper]
# Indicate whether the module is activated.
#  Default value: true
100
enabled=true
jehan's avatar
jehan committed
101

102 103 104 105 106 107
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
108

109 110 111 112
# Internal URI parameter added to response contact by first proxy
# and cleaned by last one.
#  Default value: verified
contact-verified-param=verified
jehan's avatar
jehan committed
113 114 115 116 117 118 119 120 121 122

##
## The authentication module challenges SIP requests according to
## a user/password database.
##
[module::Authentication]
# Indicate whether the module is activated.
#  Default value: false
enabled=true

123 124 125

no-403=user-agent contains 'tester-no-403'

126 127 128 129 130
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
131
filter= from.uri.domain contains 'sip.example.org' || from.uri.domain contains 'auth.example.org' || from.uri.domain contains 'auth1.example.org' || from.uri.domain contains 'auth2.example.org' || from.uri.domain contains 'anonymous.invalid' 
jehan's avatar
jehan committed
132 133 134 135

# List of whitespace separated domain names to challenge. Others
# are denied.
#  Default value: 
jehan's avatar
jehan committed
136
auth-domains= sip.example.org auth.example.org auth1.example.org auth2.example.org
jehan's avatar
jehan committed
137

138 139 140
client-certificates-domains=client.example.org


jehan's avatar
jehan committed
141 142 143 144 145 146 147 148 149
# List of whitespace separated IP which will not be challenged.
#  Default value: 
trusted-hosts=

# Database backend implementation [odbc, file].
#  Default value: odbc
db-implementation=file

# Odbc connection string to use for connecting to database. ex1:
150
# DSN=myodbc3; where 'myodbc3' is the datasource name. ex2: DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3;
jehan's avatar
jehan committed
151 152 153
# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file
# containing one 'user@domain password' by line.
#  Default value: 
154
datasource=./flexisip/userdb.conf
jehan's avatar
jehan committed
155

156 157 158 159
# Odbc SQL request to execute to obtain the password 
# . Named parameters are :id (the user found in the from header),
# :domain (the authorization realm) and :authid (the authorization
# username). The use of the :id parameter is mandatory.
jehan's avatar
jehan committed
160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197
#  Default value: select password from accounts where id = :id and domain = :domain and authid=:authid
request=select password from accounts where id = :id and domain = :domain and authid=:authid

# Maximum length of the login column in database.
#  Default value: 100
max-id-length=100

# Maximum length of the password column in database
#  Default value: 100
max-password-length=100

# Use pooling in odbc
#  Default value: true
odbc-pooling=true

# Display timing statistics after this count of seconds
#  Default value: 0
odbc-display-timings-interval=0

# Display timing statistics once the number of samples reach this
# number.
#  Default value: 0
odbc-display-timings-after-count=0

# Retrieve passwords asynchronously.
#  Default value: false
odbc-asynchronous=false

# Duration of the validity of the credentials added to the cache
# in seconds.
#  Default value: 1800
cache-expire=1800

# Retrieve password immediately so that it is cached when an authenticated
# request arrives.
#  Default value: true
immediate-retrieve-password=true

198 199
# True if retrieved passwords from the database are hashed. HA1=MD5(A1)
# = MD5(username:realm:pass).
jehan's avatar
jehan committed
200 201 202
#  Default value: false
hashed-passwords=false

203 204 205 206
# When receiving a proxy authenticate challenge, generate a new
# challenge for this proxy.
#  Default value: false
new-auth-on-407=false
jehan's avatar
jehan committed
207

208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243
##
## ...
##
[module::GatewayAdapter]
# Indicate whether the module is activated.
#  Default value: false
enabled=false

# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=

# A gateway uri where to send all requests, as a SIP url (eg 'sip:gateway.example.net')
#  Default value: 
gateway=

# Modify the from and to domains of incoming register
#  Default value: 
gateway-domain=

# The gateway will be added to the incoming register contacts.
#  Default value: true
fork-to-gateway=true

# Send a REGISTER to the gateway using this server as a contact
# in order to be notified on incoming calls by the gateway.
#  Default value: true
register-on-gateway=true

# Parameter name hosting the incoming domain that will be sent in
# the register to the gateway.
#  Default value: routing-domain
routing-param=routing-domain
jehan's avatar
jehan committed
244

245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261
[module::Router]

# Store and retrieve contacts without using the domain.
#  Default value: false
use-global-domain=false

# Fork messages to all registered devices
#  Default value: true
fork=true

# Force forking and thus the creation of an outgoing transaction
# even when only one contact found
#  Default value: true
stateful=true

# Fork invites to late registers
#  Default value: false
Simon Morlat's avatar
Simon Morlat committed
262
fork-late=true
263

Simon Morlat's avatar
Simon Morlat committed
264 265 266
call-fork-timeout=20


267 268 269 270 271 272 273 274 275 276 277
# Only forward one response of forked invite to the caller
#  Default value: true
fork-one-response=true

# All the forked have to decline in order to decline the caller
# invite
#  Default value: false
fork-no-global-decline=false

# Maximum duration for delivering a message (text)
#  Default value: 3600
Simon Morlat's avatar
Simon Morlat committed
278
message-delivery-timeout=60
jehan's avatar
jehan committed
279 280 281 282 283 284 285 286 287 288
##
## The Registrar module accepts REGISTERs for domains it manages,
## and store the address of record in order to route other requests
## destinated to the client who registered.
##
[module::Registrar]
# Indicate whether the module is activated.
#  Default value: true
enabled=true

289 290 291 292 293 294
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
295 296 297 298

# List of whitelist separated domain names to be managed by the
# registrar.
#  Default value: localhost
299
reg-domains=localhost sip.example.org sipopen.example.org auth1.example.org sip2.linphone.org client.example.org
300 301 302 303 304 305 306

# Maximum number of registered contacts of an address of record.
#  Default value: 15
max-contacts-by-aor=15

# List of contact uri parameters that can be used to identify a
# user's device. 
Simon Morlat's avatar
Simon Morlat committed
307 308
#  Default value: +sip.instance
#unique-id-parameters=
309 310 311

# Maximum expire time for a REGISTER, in seconds.
#  Default value: 86400
Simon Morlat's avatar
Simon Morlat committed
312
max-expires=60
313 314 315

# Minimum expire time for a REGISTER, in seconds.
#  Default value: 60
316
min-expires=1
jehan's avatar
jehan committed
317

318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351
# File containing the static records to add to database at startup.
# Format: one 'sip_uri contact_header' by line. Example:
# <sip:contact@domain> <sip:127.0.0.1:5460>,<sip:192.168.0.1:5160>
#  Default value: 
static-records-file=

# Timeout in seconds after which the static records file is re-read
# and the contacts updated.
#  Default value: 600
static-records-timeout=600

# Implementation used for storing address of records contact uris.
# [redis-async, redis-sync, internal]
#  Default value: internal
db-implementation=internal








# Generate a contact from the TO header and route it to the above
# destination. [sip:host:port]
#  Default value: 
generated-contact-route=

# Require presence of authorization header for specified realm.
# [Realm]
#  Default value: 
generated-contact-expected-realm=


jehan's avatar
jehan committed
352 353 354 355 356
[module::ContactRouteInserter]
# Indicate whether the module is activated.
#  Default value: true
enabled=false

357 358 359 360 361 362
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
363 364 365 366 367 368 369 370 371 372 373 374 375 376

# Hack for workarounding Nortel CS2k gateways bug.
#  Default value: false
masquerade-contacts-for-invites=false

##
## This module performs load balancing between a set of configured
## destination proxies.
##
[module::LoadBalancer]
# Indicate whether the module is activated.
#  Default value: false
enabled=false

377 378 379 380 381 382
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398

# Whitespace separated list of sip routes to balance the requests.
# Example: <sip:192.168.0.22> <sip:192.168.0.23>
#  Default value: 
routes=

##
## The MediaRelay module masquerades SDP message so that all RTP
## and RTCP streams go through the proxy. The RTP and RTCP streams
## are then routed so that each client receives the stream of the
## other. MediaRelay makes sure that RTP is ALWAYS established, even
## with uncooperative firewalls.
##
[module::MediaRelay]
# Indicate whether the module is activated.
#  Default value: true
399
enabled=true
400 401 402 403

# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
404
# && (:q
405
#  Default value: 
406
filter= (user-agent contains 'Natted Linphone')
407 408 409 410 411

# SDP attribute set by the first proxy to forbid subsequent proxies
# to provide relay.
#  Default value: nortpproxy
nortpproxy=nortpproxy
jehan's avatar
jehan committed
412

413 414
# Set the RTP direction during early media state (duplex, forward)
#  Default value: duplex
jehan's avatar
jehan committed
415
#early-media-rtp-dir=duplex
jehan's avatar
jehan committed
416

417 418 419 420 421 422 423 424 425 426 427 428
# The minimal value of SDP port range
#  Default value: 1024
sdp-port-range-min=1024

# The maximal value of SDP port range
#  Default value: 65535
sdp-port-range-max=65535

# Enable I-frame only filtering for video H264 for clients annoucing
# a total bandwith below this value expressed in kbit/s. Use 0 to
# disable the feature
#  Default value: 0
429
#h264-filtering-bandwidth=0
jehan's avatar
jehan committed
430

431 432
# When above option is activated, keep one I frame over this number.
#  Default value: 1
433
#h264-iframe-decim=1
jehan's avatar
jehan committed
434

435 436 437 438
# Sends a ACK and BYE to 200 Ok for INVITEs not belonging to any established call.
bye-orphan-dialogs=true


jehan's avatar
jehan committed
439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457
##
## The purpose of the Transcoder module is to transparently transcode
## from one audio codec to another to make the communication possible
## between clients that do not share the same set of supported codecs.
## Concretely it adds all missing codecs into the INVITEs it receives,
## and adds codecs matching the original INVITE into the 200Ok. Rtp
## ports and addresses are masqueraded so that the streams can be
## processed by the proxy. The transcoding job is done in the background
## by the mediastreamer2 library, as consequence the set of supported
## codecs is exactly the the same as the codec set supported by mediastreamer2,
## including the possible plugins you may installed to extend mediastreamer2.
## WARNING: this module can conflict with the MediaRelay module as
## both are changin the SDP. Make sure to configure them with different
## to-domains or from-domains filter if you want to enable both of
## them.
##
[module::Transcoder]
# Indicate whether the module is activated.
#  Default value: false
jehan's avatar
jehan committed
458
enabled=false
jehan's avatar
jehan committed
459

460 461 462 463 464 465
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
466 467 468 469 470 471 472 473 474 475 476 477 478

# Nominal size of RTP jitter buffer, in milliseconds. A value of
# 0 means no jitter buffer (packet processing).
#  Default value: 0
jb-nom-size=0

# Whitespace separated list of user-agent strings for which audio
# rate control is performed.
#  Default value: 
rc-user-agents=

# Whitespace seprated list of audio codecs, in order of preference.
#  Default value: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000
479
audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000
jehan's avatar
jehan committed
480

481 482 483 484 485
# If true, retransmissions of INVITEs will be blocked. The purpose
# of this option is to limit bandwidth usage and server load on
# reliable networks.
#  Default value: false
block-retransmissions=false
jehan's avatar
jehan committed
486 487 488 489 490 491 492 493 494 495

##
## This module executes the basic routing task of SIP requests and
## pass them to the transport layer. It must always be enabled.
##
[module::Forward]
# Indicate whether the module is activated.
#  Default value: true
enabled=true

496 497 498 499 500 501
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value: 
filter=
jehan's avatar
jehan committed
502 503 504

# A sip uri where to send all requests
#  Default value: 
505
route=
jehan's avatar
jehan committed
506 507 508 509 510

# Rewrite request-uri's host and port according to above route
#  Default value: false
rewrite-req-uri=false

jehan's avatar
jehan committed
511 512 513 514 515
[module::Redirect]
enabled=true
filter = (user-agent contains 'redirect') && !(request.uri.params contains 'redirected')
contact= <sip:sipopen.example.org;redirected>

516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537
##
## The purpose of the StatisticsCollector module is to collect call
## statistics (RFC 6035) and store them on the server.
##
[module::StatisticsCollector]
# Indicate whether the module is activated.
#  Default value: false
enabled=true

# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
#  Default value:
filter=

# SIP URI of the statistics collector. Note that the messages destinated
# to this address will be deleted by this module and thus not be
# delivered.
#  Default value:
collector-address=sip:collector@sip.example.org