forked from mirrors/linphone-iphone
555 lines
17 KiB
Text
Executable file
555 lines
17 KiB
Text
Executable file
##
|
|
## This is the default Flexisip configuration file
|
|
##
|
|
|
|
##
|
|
## Some global settings of the flexisip proxy.
|
|
##
|
|
[global]
|
|
# Outputs very detailed logs
|
|
# Default value: false
|
|
debug=1
|
|
|
|
# Automatically respawn flexisip in case of abnormal termination
|
|
# (crashes)
|
|
# Default value: true
|
|
auto-respawn=true
|
|
|
|
# List of white space separated host names pointing to this machine.
|
|
# This is to prevent loops while routing SIP messages.
|
|
# Default value: localhost
|
|
aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org client.example.org
|
|
|
|
# List of white space separated SIP uris where the proxy must listen.Wildcard
|
|
# (*) can be used to mean 'all local ip addresses'. If 'transport'
|
|
# prameter is unspecified, it will listen to both udp and tcp. An
|
|
# local address to bind can be indicated in the 'maddr' parameter,
|
|
# while the domain part of the uris are used as public domain or
|
|
# ip address. Here some examples to understand:
|
|
# * listen on all local interfaces for udp and tcp, on standart
|
|
# port:
|
|
# transports=sip:*
|
|
# * listen on all local interfaces for udp,tcp and tls, on standart
|
|
# ports:
|
|
# transports=sip:* sips:*
|
|
# * listen on 192.168.0.29:6060 with tls, but public hostname is
|
|
# 'sip.linphone.org' used in SIP messages. Bind address won't appear:
|
|
# transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
|
|
# Default value: sip:*
|
|
#transports=sip:192.168.56.101:5060 sips:192.168.56.101:5061
|
|
transports=sip:*:5060 sips:*:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:*:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:*:5063;require-peer-certificate=1
|
|
# An absolute path of a directory where TLS server certificate and
|
|
# private key can be found, concatenated inside an 'agent.pem' file.
|
|
# Default value: /etc/flexisip/tls
|
|
tls-certificates-dir=/etc/flexisip/tls/certificates/cn
|
|
#tls-certificates-dir=/media/sf_workspaces/workspace-macosx/flexisip
|
|
|
|
##
|
|
## STUN server parameters.
|
|
##
|
|
[stun-server]
|
|
# Enable or disable stun server.
|
|
# Default value: true
|
|
enabled=true
|
|
|
|
# Local ip address where to bind the socket.
|
|
# Default value: 0.0.0.0
|
|
bind-address=0.0.0.0
|
|
|
|
# STUN server port number.
|
|
# Default value: 3478
|
|
port=3478
|
|
|
|
##
|
|
## DOS protection parameters.
|
|
##
|
|
[dos-protection]
|
|
# Enable or disable DOS protection using IPTables firewall.
|
|
# Default value: false
|
|
enabled=false
|
|
|
|
# List of whitelist IPs which won't be affected by DOS protection.
|
|
# Default value: 127.0.0.1
|
|
authorized-ip=127.0.0.1
|
|
|
|
# Local ports to protect.
|
|
# Default value: 5060
|
|
port=5060
|
|
|
|
# Time (in seconds) while an IP have to not send any packet in order
|
|
# to leave the blacklist.
|
|
# Default value: 60
|
|
ban-duration=60
|
|
|
|
# Number of packets authorized in 1sec before considering them as
|
|
# DOS attack.
|
|
# Default value: 20
|
|
packets-limit=20
|
|
|
|
# Maximal amount of simultaneous connections to accept.
|
|
# Default value: 1000
|
|
maximum-connections=1000
|
|
|
|
##
|
|
## The NatHelper module executes small tasks to make SIP work smoothly
|
|
## despite firewalls.It corrects the Contact headers that contain
|
|
## obviously inconsistent addresses, and adds a Record-Route to ensure
|
|
## subsequent requests are routed also by the proxy, through the
|
|
## UDP or TCP channel each client opened to the proxy.
|
|
##
|
|
[module::NatHelper]
|
|
# Indicate whether the module is activated.
|
|
# Default value: true
|
|
enabled=true
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter=
|
|
|
|
# Internal URI parameter added to response contact by first proxy
|
|
# and cleaned by last one.
|
|
# Default value: verified
|
|
contact-verified-param=verified
|
|
|
|
##
|
|
## The authentication module challenges SIP requests according to
|
|
## a user/password database.
|
|
##
|
|
[module::Authentication]
|
|
# Indicate whether the module is activated.
|
|
# Default value: false
|
|
enabled=true
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter= from.uri.domain contains 'sip.example.org' || from.uri.domain contains 'auth.example.org' || from.uri.domain contains 'auth1.example.org' || from.uri.domain contains 'auth2.example.org'
|
|
|
|
# List of whitespace separated domain names to challenge. Others
|
|
# are denied.
|
|
# Default value:
|
|
auth-domains= sip.example.org auth.example.org auth1.example.org auth2.example.org
|
|
|
|
client-certificates-domains=client.example.org
|
|
|
|
|
|
# List of whitespace separated IP which will not be challenged.
|
|
# Default value:
|
|
trusted-hosts=
|
|
|
|
# Database backend implementation [odbc, file].
|
|
# Default value: odbc
|
|
db-implementation=file
|
|
|
|
# Odbc connection string to use for connecting to database. ex1:
|
|
# DSN=myodbc3; where 'myodbc3' is the datasource name. ex2: DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3;
|
|
# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file
|
|
# containing one 'user@domain password' by line.
|
|
# Default value:
|
|
datasource=/etc/flexisip/userdb.conf
|
|
|
|
# Odbc SQL request to execute to obtain the password
|
|
# . Named parameters are :id (the user found in the from header),
|
|
# :domain (the authorization realm) and :authid (the authorization
|
|
# username). The use of the :id parameter is mandatory.
|
|
# Default value: select password from accounts where id = :id and domain = :domain and authid=:authid
|
|
request=select password from accounts where id = :id and domain = :domain and authid=:authid
|
|
|
|
# Maximum length of the login column in database.
|
|
# Default value: 100
|
|
max-id-length=100
|
|
|
|
# Maximum length of the password column in database
|
|
# Default value: 100
|
|
max-password-length=100
|
|
|
|
# Use pooling in odbc
|
|
# Default value: true
|
|
odbc-pooling=true
|
|
|
|
# Display timing statistics after this count of seconds
|
|
# Default value: 0
|
|
odbc-display-timings-interval=0
|
|
|
|
# Display timing statistics once the number of samples reach this
|
|
# number.
|
|
# Default value: 0
|
|
odbc-display-timings-after-count=0
|
|
|
|
# Retrieve passwords asynchronously.
|
|
# Default value: false
|
|
odbc-asynchronous=false
|
|
|
|
# Duration of the validity of the credentials added to the cache
|
|
# in seconds.
|
|
# Default value: 1800
|
|
cache-expire=1800
|
|
|
|
# Retrieve password immediately so that it is cached when an authenticated
|
|
# request arrives.
|
|
# Default value: true
|
|
immediate-retrieve-password=true
|
|
|
|
# True if retrieved passwords from the database are hashed. HA1=MD5(A1)
|
|
# = MD5(username:realm:pass).
|
|
# Default value: false
|
|
hashed-passwords=false
|
|
|
|
# When receiving a proxy authenticate challenge, generate a new
|
|
# challenge for this proxy.
|
|
# Default value: false
|
|
new-auth-on-407=false
|
|
|
|
##
|
|
## ...
|
|
##
|
|
[module::GatewayAdapter]
|
|
# Indicate whether the module is activated.
|
|
# Default value: false
|
|
enabled=false
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter=
|
|
|
|
# A gateway uri where to send all requests, as a SIP url (eg 'sip:gateway.example.net')
|
|
# Default value:
|
|
gateway=
|
|
|
|
# Modify the from and to domains of incoming register
|
|
# Default value:
|
|
gateway-domain=
|
|
|
|
# The gateway will be added to the incoming register contacts.
|
|
# Default value: true
|
|
fork-to-gateway=true
|
|
|
|
# Send a REGISTER to the gateway using this server as a contact
|
|
# in order to be notified on incoming calls by the gateway.
|
|
# Default value: true
|
|
register-on-gateway=true
|
|
|
|
# Parameter name hosting the incoming domain that will be sent in
|
|
# the register to the gateway.
|
|
# Default value: routing-domain
|
|
routing-param=routing-domain
|
|
|
|
[module::Router]
|
|
|
|
# Store and retrieve contacts without using the domain.
|
|
# Default value: false
|
|
use-global-domain=false
|
|
|
|
# Fork messages to all registered devices
|
|
# Default value: true
|
|
fork=true
|
|
|
|
# Force forking and thus the creation of an outgoing transaction
|
|
# even when only one contact found
|
|
# Default value: true
|
|
stateful=true
|
|
|
|
# Fork invites to late registers
|
|
# Default value: false
|
|
fork-late=false
|
|
|
|
# Only forward one response of forked invite to the caller
|
|
# Default value: true
|
|
fork-one-response=true
|
|
|
|
# All the forked have to decline in order to decline the caller
|
|
# invite
|
|
# Default value: false
|
|
fork-no-global-decline=false
|
|
|
|
# Maximum duration for delivering a message (text)
|
|
# Default value: 3600
|
|
message-delivery-timeout=3600
|
|
##
|
|
## The Registrar module accepts REGISTERs for domains it manages,
|
|
## and store the address of record in order to route other requests
|
|
## destinated to the client who registered.
|
|
##
|
|
[module::Registrar]
|
|
# Indicate whether the module is activated.
|
|
# Default value: true
|
|
enabled=true
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter=
|
|
|
|
# List of whitelist separated domain names to be managed by the
|
|
# registrar.
|
|
# Default value: localhost
|
|
reg-domains=localhost sip.example.org sipopen.example.org auth1.example.org sip2.linphone.org
|
|
|
|
# Maximum number of registered contacts of an address of record.
|
|
# Default value: 15
|
|
max-contacts-by-aor=15
|
|
|
|
# List of contact uri parameters that can be used to identify a
|
|
# user's device.
|
|
# Default value: line
|
|
unique-id-parameters=line
|
|
|
|
# Maximum expire time for a REGISTER, in seconds.
|
|
# Default value: 86400
|
|
max-expires=86400
|
|
|
|
# Minimum expire time for a REGISTER, in seconds.
|
|
# Default value: 60
|
|
min-expires=1
|
|
|
|
# File containing the static records to add to database at startup.
|
|
# Format: one 'sip_uri contact_header' by line. Example:
|
|
# <sip:contact@domain> <sip:127.0.0.1:5460>,<sip:192.168.0.1:5160>
|
|
# Default value:
|
|
static-records-file=
|
|
|
|
# Timeout in seconds after which the static records file is re-read
|
|
# and the contacts updated.
|
|
# Default value: 600
|
|
static-records-timeout=600
|
|
|
|
# Implementation used for storing address of records contact uris.
|
|
# [redis-async, redis-sync, internal]
|
|
# Default value: internal
|
|
db-implementation=internal
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Generate a contact from the TO header and route it to the above
|
|
# destination. [sip:host:port]
|
|
# Default value:
|
|
generated-contact-route=
|
|
|
|
# Require presence of authorization header for specified realm.
|
|
# [Realm]
|
|
# Default value:
|
|
generated-contact-expected-realm=
|
|
|
|
##
|
|
## This module performs push notifications
|
|
##
|
|
[module::PushNotification]
|
|
# Indicate whether the module is activated.
|
|
# Default value: false
|
|
enabled=false
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter=
|
|
|
|
# Number of second to wait before sending a push notification to
|
|
# device(if <=0 then disabled)
|
|
# Default value: 5
|
|
timeout=5
|
|
|
|
# Maximum number of notifications queued for each client
|
|
# Default value: 10
|
|
max-queue-size=10
|
|
|
|
# Enable push notification for apple devices
|
|
# Default value: true
|
|
apple=true
|
|
|
|
# Path to directory where to find Apple Push Notification service
|
|
# certificates. They should bear the appid of the application, suffixed
|
|
# by the release mode and .pem extension. For example: org.linphone.dev.pem
|
|
# org.linphone.prod.pem com.somephone.dev.pem etc... The files should
|
|
# be .pem format, and made of certificate followed by private key.
|
|
# Default value: /etc/flexisip/apn
|
|
apple-certificate-dir=/etc/flexisip/apn
|
|
|
|
# Enable push notification for android devices
|
|
# Default value: true
|
|
google=true
|
|
|
|
# List of couple projectId:ApiKey for each android project which
|
|
# support push notifications
|
|
# Default value:
|
|
google-projects-api-keys=
|
|
|
|
##
|
|
## The purpose of the ContactRouteInserter module is to masquerade
|
|
## the contact header of incoming registers that are not handled
|
|
## locally (think about flexisip used as a SBC gateway) in such a
|
|
## way that it is then possible to route back outgoing invites to
|
|
## the original address. It is a kind of similar mechanism as Record-Route,
|
|
## but for REGISTER.
|
|
##
|
|
[module::ContactRouteInserter]
|
|
# Indicate whether the module is activated.
|
|
# Default value: true
|
|
enabled=false
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter=
|
|
|
|
# Hack for workarounding Nortel CS2k gateways bug.
|
|
# Default value: false
|
|
masquerade-contacts-for-invites=false
|
|
|
|
##
|
|
## This module performs load balancing between a set of configured
|
|
## destination proxies.
|
|
##
|
|
[module::LoadBalancer]
|
|
# Indicate whether the module is activated.
|
|
# Default value: false
|
|
enabled=false
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter=
|
|
|
|
# Whitespace separated list of sip routes to balance the requests.
|
|
# Example: <sip:192.168.0.22> <sip:192.168.0.23>
|
|
# Default value:
|
|
routes=
|
|
|
|
##
|
|
## The MediaRelay module masquerades SDP message so that all RTP
|
|
## and RTCP streams go through the proxy. The RTP and RTCP streams
|
|
## are then routed so that each client receives the stream of the
|
|
## other. MediaRelay makes sure that RTP is ALWAYS established, even
|
|
## with uncooperative firewalls.
|
|
##
|
|
[module::MediaRelay]
|
|
# Indicate whether the module is activated.
|
|
# Default value: true
|
|
enabled=true
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (:q
|
|
# Default value:
|
|
filter= (user-agent contains 'Natted Linphone')
|
|
|
|
# SDP attribute set by the first proxy to forbid subsequent proxies
|
|
# to provide relay.
|
|
# Default value: nortpproxy
|
|
nortpproxy=nortpproxy
|
|
|
|
# Set the RTP direction during early media state (duplex, forward)
|
|
# Default value: duplex
|
|
#early-media-rtp-dir=duplex
|
|
|
|
# The minimal value of SDP port range
|
|
# Default value: 1024
|
|
sdp-port-range-min=1024
|
|
|
|
# The maximal value of SDP port range
|
|
# Default value: 65535
|
|
sdp-port-range-max=65535
|
|
|
|
# Enable I-frame only filtering for video H264 for clients annoucing
|
|
# a total bandwith below this value expressed in kbit/s. Use 0 to
|
|
# disable the feature
|
|
# Default value: 0
|
|
#h264-filtering-bandwidth=0
|
|
|
|
# When above option is activated, keep one I frame over this number.
|
|
# Default value: 1
|
|
#h264-iframe-decim=1
|
|
|
|
##
|
|
## The purpose of the Transcoder module is to transparently transcode
|
|
## from one audio codec to another to make the communication possible
|
|
## between clients that do not share the same set of supported codecs.
|
|
## Concretely it adds all missing codecs into the INVITEs it receives,
|
|
## and adds codecs matching the original INVITE into the 200Ok. Rtp
|
|
## ports and addresses are masqueraded so that the streams can be
|
|
## processed by the proxy. The transcoding job is done in the background
|
|
## by the mediastreamer2 library, as consequence the set of supported
|
|
## codecs is exactly the the same as the codec set supported by mediastreamer2,
|
|
## including the possible plugins you may installed to extend mediastreamer2.
|
|
## WARNING: this module can conflict with the MediaRelay module as
|
|
## both are changin the SDP. Make sure to configure them with different
|
|
## to-domains or from-domains filter if you want to enable both of
|
|
## them.
|
|
##
|
|
[module::Transcoder]
|
|
# Indicate whether the module is activated.
|
|
# Default value: false
|
|
enabled=false
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter=
|
|
|
|
# Nominal size of RTP jitter buffer, in milliseconds. A value of
|
|
# 0 means no jitter buffer (packet processing).
|
|
# Default value: 0
|
|
jb-nom-size=0
|
|
|
|
# Whitespace separated list of user-agent strings for which audio
|
|
# rate control is performed.
|
|
# Default value:
|
|
rc-user-agents=
|
|
|
|
# Whitespace seprated list of audio codecs, in order of preference.
|
|
# Default value: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000
|
|
audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000
|
|
|
|
# If true, retransmissions of INVITEs will be blocked. The purpose
|
|
# of this option is to limit bandwidth usage and server load on
|
|
# reliable networks.
|
|
# Default value: false
|
|
block-retransmissions=false
|
|
|
|
##
|
|
## This module executes the basic routing task of SIP requests and
|
|
## pass them to the transport layer. It must always be enabled.
|
|
##
|
|
[module::Forward]
|
|
# Indicate whether the module is activated.
|
|
# Default value: true
|
|
enabled=true
|
|
|
|
# A request/response enters module if the boolean filter evaluates
|
|
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
|
|
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
|
|
# && (user-agent == 'Linphone v2')
|
|
# Default value:
|
|
filter=
|
|
|
|
# A sip uri where to send all requests
|
|
# Default value:
|
|
route=
|
|
|
|
# Rewrite request-uri's host and port according to above route
|
|
# Default value: false
|
|
rewrite-req-uri=false
|
|
|