mirror of
https://gitlab.linphone.org/BC/public/linphone-iphone.git
synced 2026-05-03 20:46:28 +00:00
update flexisip.conf
This commit is contained in:
Simon Morlat
parent
c88685b194
commit
8415d54b4d
1 changed files with 131 additions and 62 deletions
193
tester/flexisip/flexisip.conf
Executable file → Normal file
193
tester/flexisip/flexisip.conf
Executable file → Normal file
|
|
@ -18,7 +18,7 @@ auto-respawn=true
|
|||
# List of white space separated host names pointing to this machine.
|
||||
# This is to prevent loops while routing SIP messages.
|
||||
# Default value: localhost
|
||||
aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org client.example.org sip2.linphone.org
|
||||
aliases=localhost sip2.linphone.org sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org client.example.org
|
||||
|
||||
# List of white space separated SIP uris where the proxy must listen.Wildcard
|
||||
# (*) can be used to mean 'all local ip addresses'. If 'transport'
|
||||
|
|
@ -37,7 +37,12 @@ aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.exa
|
|||
# transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
|
||||
# Default value: sip:*
|
||||
#transports=sip:192.168.56.101:5060 sips:192.168.56.101:5061
|
||||
transports=sip:*:5060 sips:*:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:*:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:*:5063;require-peer-certificate=1 sip:*:5064
|
||||
|
||||
#note: the ip addresses are explicitely specified here because the machine has several interfaces. In a simple case, using '*' instead of the explicit ip address is sufficient,
|
||||
#and there is no need to specify the ipv6 transport addresses.
|
||||
transports=sip:94.23.19.176:5060 sips:94.23.19.176:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:94.23.19.176:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:94.23.19.176:5063;require-peer-certificate=1 sip:94.23.19.176:5064 sip:[2001:41d0:2:14b0::1]:5060 sips:[2001:41d0:2:14b0::1]:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:[2001:41d0:2:14b0::1]:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:[2001:41d0:2:14b0::1]:5063;require-peer-certificate=1 sip:[2001:41d0:2:14b0::1]:5064
|
||||
|
||||
|
||||
# An absolute path of a directory where TLS server certificate and
|
||||
# private key can be found, concatenated inside an 'agent.pem' file.
|
||||
# Default value: /etc/flexisip/tls
|
||||
|
|
@ -61,35 +66,6 @@ bind-address=0.0.0.0
|
|||
port=3478
|
||||
|
||||
|
||||
##
|
||||
## This module bans user when they are sending too much packets on
|
||||
## a given timelapse
|
||||
##
|
||||
[module::DoS]
|
||||
# Indicate whether the module is activated.
|
||||
# Default value: true
|
||||
enabled=true
|
||||
|
||||
# A request/response enters module if the boolean filter evaluates
|
||||
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
||||
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
||||
# && (user-agent == 'Linphone v2')
|
||||
# Default value:
|
||||
filter=
|
||||
|
||||
# Number of milliseconds to calculate the packet rate
|
||||
# Default value: 1000
|
||||
time-period=1000
|
||||
|
||||
# Maximum packet rate received in [time-period] millisecond(s) to
|
||||
# consider to consider it a DoS attack.
|
||||
# Default value: 5
|
||||
packet-rate-limit=5
|
||||
|
||||
# Number of minutes to ban the ip/port using iptables
|
||||
# Default value: 1
|
||||
ban-time=1
|
||||
|
||||
|
||||
##
|
||||
## The NatHelper module executes small tasks to make SIP work smoothly
|
||||
|
|
@ -155,7 +131,7 @@ db-implementation=file
|
|||
# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file
|
||||
# containing one 'user@domain password' by line.
|
||||
# Default value:
|
||||
datasource=./flexisip/userdb.conf
|
||||
datasource=/etc/flexisip/userdb.conf
|
||||
|
||||
# Odbc SQL request to execute to obtain the password
|
||||
# . Named parameters are :id (the user found in the from header),
|
||||
|
|
@ -164,40 +140,17 @@ datasource=./flexisip/userdb.conf
|
|||
# Default value: select password from accounts where id = :id and domain = :domain and authid=:authid
|
||||
request=select password from accounts where id = :id and domain = :domain and authid=:authid
|
||||
|
||||
# Maximum length of the login column in database.
|
||||
# Default value: 100
|
||||
max-id-length=100
|
||||
|
||||
# Maximum length of the password column in database
|
||||
# Default value: 100
|
||||
max-password-length=100
|
||||
|
||||
# Use pooling in odbc
|
||||
# Default value: true
|
||||
odbc-pooling=true
|
||||
|
||||
# Display timing statistics after this count of seconds
|
||||
# Default value: 0
|
||||
odbc-display-timings-interval=0
|
||||
|
||||
# Display timing statistics once the number of samples reach this
|
||||
# number.
|
||||
# Default value: 0
|
||||
odbc-display-timings-after-count=0
|
||||
|
||||
# Retrieve passwords asynchronously.
|
||||
# Default value: false
|
||||
odbc-asynchronous=false
|
||||
|
||||
# Duration of the validity of the credentials added to the cache
|
||||
# in seconds.
|
||||
# Default value: 1800
|
||||
cache-expire=1800
|
||||
|
||||
# Retrieve password immediately so that it is cached when an authenticated
|
||||
# request arrives.
|
||||
# Default value: true
|
||||
immediate-retrieve-password=true
|
||||
|
||||
# True if retrieved passwords from the database are hashed. HA1=MD5(A1)
|
||||
# = MD5(username:realm:pass).
|
||||
|
|
@ -209,15 +162,8 @@ hashed-passwords=false
|
|||
# Default value: false
|
||||
new-auth-on-407=false
|
||||
|
||||
# Enable a feature useful for automatic tests, allowing a client
|
||||
# to create a temporary account in the password database in memory.
|
||||
# This MUST not be used for production as it is a real security
|
||||
# hole.
|
||||
# Default value: false
|
||||
|
||||
enable-test-accounts-creation=true
|
||||
|
||||
|
||||
##
|
||||
## ...
|
||||
##
|
||||
|
|
@ -277,6 +223,7 @@ fork-late=true
|
|||
call-fork-timeout=20
|
||||
|
||||
|
||||
|
||||
# All the forked have to decline in order to decline the caller
|
||||
# invite
|
||||
# Default value: false
|
||||
|
|
@ -544,5 +491,127 @@ filter=
|
|||
# Default value:
|
||||
collector-address=sip:collector@sip.example.org
|
||||
|
||||
##
|
||||
## This module performs push notifications to mobile phone notification
|
||||
## systems: apple, android, windows, as well as a generic http get/post
|
||||
## to a custom server to which actual sending of the notification
|
||||
## is delegated. The push notification is sent when an INVITE or
|
||||
## MESSAGE request is not answered by the destination of the request
|
||||
## within a certain period of time, configurable hereunder as 'timeout'
|
||||
## parameter.
|
||||
##
|
||||
|
||||
|
||||
|
||||
[module::PushNotification]
|
||||
# Indicate whether the module is activated.
|
||||
# Default value: false
|
||||
enabled=true
|
||||
|
||||
# A request/response enters module if the boolean filter evaluates
|
||||
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
||||
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
||||
# && (user-agent == 'Linphone v2')
|
||||
# Default value:
|
||||
filter=
|
||||
|
||||
# Number of second to wait before sending a push notification to
|
||||
# device(if <=0 then disabled)
|
||||
# Default value: 5
|
||||
timeout=5
|
||||
|
||||
# Maximum number of notifications queued for each client
|
||||
# Default value: 10
|
||||
max-queue-size=10
|
||||
|
||||
# Enable push notification for apple devices
|
||||
# Default value: true
|
||||
apple=false
|
||||
|
||||
# Path to directory where to find Apple Push Notification service
|
||||
# certificates. They should bear the appid of the application, suffixed
|
||||
# by the release mode and .pem extension. For example: org.linphone.dev.pem
|
||||
# org.linphone.prod.pem com.somephone.dev.pem etc... The files should
|
||||
# be .pem format, and made of certificate followed by private key.
|
||||
# Default value: /etc/flexisip/apn
|
||||
apple-certificate-dir=/etc/flexisip/apn
|
||||
|
||||
# Enable push notification for android devices
|
||||
# Default value: true
|
||||
google=false
|
||||
|
||||
# List of couples projectId:ApiKey for each android project that
|
||||
# supports push notifications
|
||||
# Default value:
|
||||
google-projects-api-keys=
|
||||
|
||||
# Enable push notification for windows phone 8 devices
|
||||
# Default value: true
|
||||
windowsphone=false
|
||||
|
||||
# Set the badge value to 0 for apple push
|
||||
# Default value: false
|
||||
no-badge=false
|
||||
|
||||
# Instead of having Flexisip sending the push notification directly
|
||||
# to the Google/Apple/Microsoft push servers, send an http request
|
||||
# to an http server with all required information encoded in URL,
|
||||
# to which the actual sending of the push notification is delegated.
|
||||
# The following arguments can be substitued in the http request
|
||||
# uri, with the following values:
|
||||
# - $type : apple, google, wp
|
||||
# - $event : call, message
|
||||
# - $from-name : the display name in the from header
|
||||
# - $from-uri : the sip uri of the from header
|
||||
# - $from-tag : the tag of the from header
|
||||
# - $call-id : the call-id of the INVITE or MESSAGE request
|
||||
# - $to-uri : the sip uri of the to header
|
||||
# - $api-key : the api key to use (google only)
|
||||
# - $msgid : the message id to put in the notification
|
||||
# - $sound : the sound file to play with the notification
|
||||
#
|
||||
The content of the text message is put in the body of the http
|
||||
# request as text/plain, if any.
|
||||
# Example: http://192.168.0.2/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri
|
||||
# Default value:
|
||||
external-push-uri=http://127.0.0.1:80/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri
|
||||
|
||||
# Method for reaching external-push-uri, typically GET or POST
|
||||
# Default value: GET
|
||||
external-push-method=GET
|
||||
|
||||
##
|
||||
## This module bans user when they are sending too much packets on
|
||||
## a given timelapseTo see the list of currently banned ips/ports,
|
||||
## use iptables -LYou can also check the queue of unban commands
|
||||
## using atq
|
||||
##
|
||||
[module::DoSProtection]
|
||||
|
||||
# Indicate whether the module is activated.
|
||||
# Default value: true
|
||||
enabled=true
|
||||
|
||||
# A request/response enters module if the boolean filter evaluates
|
||||
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
||||
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
||||
# && (user-agent == 'Linphone v2')
|
||||
# Default value:
|
||||
filter=
|
||||
|
||||
# Number of milliseconds to consider to compute the packet rate
|
||||
# Default value: 3000
|
||||
time-period=15000
|
||||
|
||||
# Maximum packet rate received in [time-period] millisecond(s) to
|
||||
# consider it as a DoS attack.
|
||||
# Default value: 20
|
||||
packet-rate-limit=5
|
||||
|
||||
# Number of minutes to ban the ip/port using iptables (might be
|
||||
# less because it justs uses the minutes of the clock, not the seconds.
|
||||
# So if the unban command is queued at 13:11:56 and scheduled and
|
||||
# the ban time is 1 minute, it will be executed at 13:12:00)
|
||||
# Default value: 2
|
||||
ban-time=2
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue