|
From: | Jason Benedict Low |
Subject: | Re: [Flexisip-developers] Flexisip as register proxy |
Date: | Sun, 3 Jun 2018 20:41:47 +0800 |
Thank you for your answer!
When I apply your config with small differences (with my domains, without DoS Protection module and with TLS) and have SIGSEGV server crash.I try to debug this issue the next few days.
Regards,
Anton
On 05/31/2018 09:06 PM, Jason Benedict Low wrote:
Hi Anton,saw your email to me directly today. Due to working time i am unable to respond.
Here my successful test flexsip.conf file. I work in AJPbiz.com, so you will see word "AJP" in the file, means i uses those section. Hope is helpful to the rest.============##
## This is the default Flexisip configuration file
##
##
## Some global settings of the flexisip proxy.
##
[global]
debug=true
# Verbosity of logs to output. Possible values are debug, message,
# warning and error
# Default value: error
log-level=debug
# Verbosity of logs to put in syslog. Possible values are debug,
# message, warning and error
# Default value: error
syslog-level=debug
# Max size of a log file before switching to a new log file. If
# -1 then no max size
# Default value: 0
max-log-size=0
# Log (on a different log domain) user errors like authentication,
# registration, routing, etc...
# Default value: false
user-errors-logs=true
# Generate a corefile when crashing. Note that by default linux
# will generate coredumps in '/' which is not so convenient. The
# following shell command can be added to /etc/rc.local in order
# to write core dumps a in specific directory, for example /home/cores:
# echo "/home/cores/core.%e.%t.%p" >/proc/sys/kernel/core_pattern
# Default value: true
dump-corefiles=true
# Automatically respawn flexisip in case of abnormal termination
# (crashes)
# Default value: true
auto-respawn=true
# List of white space separated host names pointing to this machine.
# This is to prevent loops while routing SIP messages.
# Default value: localhost
aliases=localhost
# Servers started by default when no --server option is specified
# on command line. Possible values are 'proxy', 'presence', separated
# by whitespaces.
# Default value: proxy
default-servers=proxy
# List of white space separated SIP uris where the proxy must listen.
# Wildcard (*) can be used to mean 'all local ip addresses'. If
# 'transport' prameter is unspecified, it will listen to both udp
# and tcp. A local address to bind onto can be indicated in the
# 'maddr' parameter, while the domain part of the uris are used
# as public domain or ip address.
# The 'sips' transport definitions accept two optional parameters:
# - 'tls-certificates-dir' taking for value a path, with the same
# meaning as the 'tls-certificates-dir' property of this section
# and overriding it for this given transport.
# - 'tls-verify-incoming' taking for value '0' or '1', to indicate
# whether clients connecting are required to present a valid client
# certificate. Default value is 0.
# - 'tls-verify-outgoing' taking for value '0' or '1', whether
# flexisip should check the peer certificate when it make an outgoing
# TLS connection to another server. Default value is 1.
# - 'require-peer-certificate' (deprecated) same as tls-verify-incoming
# Specifying a sip uri with transport=tls is not allowed: the 'sips'
# scheme must be used. As requested by SIP RFC, IPv6 address must
# be enclosed within brakets.
# Here are some examples to understand:
# - listen on all local interfaces for udp and tcp, on standard
# port:
# transports=sip:*
# - listen on all local interfaces for udp,tcp and tls, on standard
# ports:
# transports=sip:* sips:*
# - listen only a specific IPv6 interface, on standard ports, with
# udp, tcp and tls
# transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac: 4a4f:22b6:2083]
# - listen on tls localhost with 2 different ports and SSL certificates:
# transports=sips:localhost:5061;tls-certificates-dir= path_a sips:localhost:5062;tls- certificates-dir=path_b
# - listen on tls localhost with 2 peer certificate requirements:
# transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls- verify-incoming=1
# - listen on 192.168.0.29:6060 with tls, but public hostname is
# 'sip.linphone.org' used in SIP messages. Bind address won't appear
# in messages:
# transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
# Default value: sip:*
#
# AJP
transports=sip:*:5060
# Path to the directory where TLS server certificate and private
# key can be found, concatenated inside an 'agent.pem' file. Any
# chain certificates must be put into a file named 'cafile.pem'.
# The setup of agent.pem, and eventually cafile.pem is required
# for TLS transport to work.
# Default value: /etc/flexisip/tls
tls-certificates-dir=/etc/flexisip/tls
# Time interval in seconds after which inactive connections are
# closed.
# Default value: 3600
idle-timeout=3600
# Require client certificate from peer (inbound connections only).
# Default value: false
require-peer-certificate=false
# SIP transaction timeout in milliseconds. It is T1*64 (32000 ms)
# by default.
# Default value: 32000
transaction-timeout=32000
# The UDP MTU. Flexisip will fallback to TCP when sending a message
# whose size exceeds the UDP MTU. Please read http://sofia-sip.sourceforge.net/refdocs/nta/nta__tag_8h. html# a6f51c1ff713ed4b285e95235c4cc9 99a
# for more details. If sending large packets over UDP is not a problem,
# then set a big value such as 65535. Unlike the recommandation
# of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead
# of 1300).
# Default value: 1460
udp-mtu=1460
# Enable SNMP.
# Default value: true
enable-snmp=true
# Unique ID used to identify that instance of Flexisip. It must
# be a randomly generated 16-sized hexadecimal number. If empty,
# it will be randomly generated at each start of Flexisip.
# Default value:
unique-id=
# Allow flexisip to use maddr in sips connections to verify the
# CN of the TLS certificate
# Default value: false
use-maddr=false
##
## Should the server be part of a cluster, this section enable to
## describe the topology of the cluster.
##
[cluster]
# Set to 'true' if that node is part of a cluster
# Default value: false
enabled=false
# List of IP addresses of all nodes present in the cluster
# Default value:
nodes=
##
## Flexisip monitor parameters
##
[monitor]
# Enable or disable the Flexisip monitor daemon
# Default value: false
enabled=false
# Time between two consecutive tests
# Default value: 30
test-interval=30
# Path to the log file
# Default value: /etc/flexisip/flexisip_monitor.log
logfile=/etc/flexisip/flexisip_monitor.log
# Port to open/close folowing the test succeed or not
# Default value: 12345
switch-port=12345
# Salt used to generate the passwords of each test account
# Default value:
password-salt=
##
## STUN server parameters.
##
[stun-server]
# Enable or disable stun server.
# Default value: true
enabled=true
# Local ip address where to bind the socket.
# Default value: 0.0.0.0
bind-address=0.0.0.0
# STUN server port number.
# Default value: 3478
port=3478
##
## Event logs contain per domain and user information about processed
## registrations, calls and messages.
##
[event-logs]
# Enable event logs.
# Default value: false
enabled=false
# Define logger for storing logs. It supports "filesystem" and "database".
# Default value: filesystem
logger=filesystem
# Directory where event logs are written as a filesystem (case when
# filesystem output is choosed).
# Default value: /var/log/flexisip
dir=/var/log/flexisip
# Choose the type of backend that Soci will use for the connection.
# Depending on your Soci package and the modules you installed,
# the supported databases are:`mysql` and `sqlite3`
# Default value: mysql
database-backend=mysql
# The configuration parameters of the backend.
# The basic format is "key=value key2=value2". For a mysql backend,
# this is a valid config: "db=mydb user=user password='pass' host=myhost.com".
# Please refer to the Soci documentation of your backend, for instance:
# http://soci.sourceforge.net/doc/3.2/backends/mysql. htmlhttp://soci.sourceforge. net/doc/3.2/backends/sqlite3. html
# Default value: db='mydb' user='myuser' password='mypass' host='myhost.com'
database-connection-string=db='mydb' user='myuser' password='mypass' host='myhost.com'
# Amount of queries that will be allowed to be queued before bailing
# password requests.
# This value should be chosen accordingly with 'database-nb-threads-max',
# so that you have a coherent behavior.
# This limit is here mainly as a safeguard against out-of-control
# growth of the queue in the event of a flood or big delays in the
# database backend.
# Default value: 100
database-max-queue-size=100
# Maximum number of threads for writing in database.
# If you get a `database is locked` error with sqlite3, you must
# set this variable to 1.
# Default value: 10
database-nb-threads-max=10
##
## This module bans user when they are sending too much packets within
## a given timeframe. To see the list of currently banned IPs/ports,
## use iptables -L.
##
[module::DoSProtection]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Number of milliseconds to consider to compute the packet rate
# Default value: 3000
time-period=3000
# Maximum packet rate in packets/seconds, averaged over [time-period]
# millisecond(s) to consider it as a DoS attack.
# Default value: 20
packet-rate-limit=20
# Number of minutes to ban the ip/port using iptables
# Default value: 2
ban-time=2
# Name of the chain flexisip will create to store the banned IPs
# Default value: FLEXISIP
iptables-chain=FLEXISIP
##
## The SanitCheck module checks that required fields of a SIP message
## are present to avoid unecessary checking while processing message
## further. If the message doesn't meet these sanity check criterias,
## then it is stopped and bad request response is sent.
##
[module::SanityChecker]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
##
## The ModuleGarbageIn module collects incoming garbage and prevent
## any further processing.
##
[module::GarbageIn]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value: false
filter=false
##
## The NatHelper module executes small tasks to make SIP work smoothly
## despite firewalls.It corrects the Contact headers that contain
## obviously inconsistent addresses, and adds a Record-Route to ensure
## subsequent requests are routed also by the proxy, through the
## UDP or TCP channel each client opened to the proxy.
##
[module::NatHelper]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Internal URI parameter added to response contact by first proxy
# and cleaned by last one.
# Default value: verified
contact-verified-param=verified
# Fix record-routes, to workaround proxies behind firewalls but
# not aware of it.
# Default value: false
fix-record-routes=false
# Policy to recognize nat'd record-route and fix them. There are
# two modes: 'safe' and 'always'
# Default value: safe
fix-record-routes-policy=safe
##
## The authentication module challenges and authenticates SIP requests
## using two possible methods:
## * if the request is received via a TLS transport and 'require-peer-certificate'
## is set in transport definition in [Global] section for this transport,
## then the From header of the request is matched with the CN claimed
## by the client certificate. The CN must contain sip:address@hidden
## or alternate name with URI=sip:address@hidden corresponding to the
## URI in the from header for the request to be accepted.
## * if no TLS client based authentication can be performed, or
## is failed, then a SIP digest authentication is performed. The
## password verification is made by querying a database or a password
## file on disk.
##
[module::Authentication]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# List of whitespace separated domain names to challenge. Others
# are denied.
# Default value: localhost
auth-domains=localhost
# List of whitespace separated IP which will not be challenged.
# Default value:
trusted-hosts=
# Database backend implementation [odbc,soci,file,fixed].
# Default value: fixed
db-implementation=fixed
# Odbc connection string to use for connecting to database. ex1:
# Odbc connection string to use for connecting to database. ex1:
# DSN=myodbc3; where 'myodbc3' is the datasource name. ex2: DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user; PASSWORD=pass;OPTION=3;
# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file
# containing one 'address@hidden password' by line.
# Default value:
datasource=
# Expiration time of nonces, in seconds.
# Default value: 3600
nonce-expires=3600
# Duration of the validity of the credentials added to the cache
# in seconds.
# Default value: 1800
cache-expire=1800
# True if retrieved passwords from the database are hashed. HA1=MD5(A1)
# = MD5(username:realm:pass).
# Default value: false
hashed-passwords=false
# Don't reply 403, but 401 or 407 even in case of wrong authentication.
# Default value: false
no-403=false
# List of whitespace separated username or address@hidden CN which
# will trusted. If no domain is given it is computed.
# Default value:
trusted-client-certificates=
# When receiving a proxy authenticate challenge, generate a new
# challenge for this proxy.
# Default value: false
new-auth-on-407=false
# Enable a feature useful for automatic tests, allowing a client
# to create a temporary account in the password database in memory.This
# MUST not be used for production as it is a real security hole.
# Default value: false
enable-test-accounts-creation=false
# Disable the QOP authentication method. Default is to use it, use
# this flag to disable it if needed.
# Default value: false
disable-qop-auth=false
# Soci SQL request to execute to obtain the password.
# Named parameters are:
# -':id' : the user found in the from header,
# -':domain' : the authorization realm, and
# -':authid' : the authorization username.
# The use of the :id parameter is mandatory.
# Default value: select password from accounts where id = :id and domain = :domain and authid=:authid
soci-password-request=select password from accounts where id = :id and domain = :domain and authid=:authid
# Soci SQL request to execute to obtain the username associated
# with a phone alias.
# Named parameters are:
# -':phone' : the phone number to search for.
# The use of the :phone parameter is mandatory.
# Default value: select login from accounts where phone = :phone
soci-user-with-phone-request=select login from accounts where phone = :phone
# Soci SQL request to execute to obtain the usernames associated
# with phones aliases.
# Named parameters are:
# -':phones' : the phones to search for.
# The use of the :phones parameter is mandatory.
# Default value: select login, domain, phone from accounts where phone in :phones
soci-users-with-phones-request=select login, domain, phone from accounts where phone in :phones
# Size of the pool of connections that Soci will use. We open a
# thread for each DB query, and this pool will allow each thread
# to get a connection.
# The threads are blocked until a connection is released back to
# the pool, so increasing the pool size will allow more connections
# to occur simultaneously.
# On the other hand, you should not keep too many open connections
# to your DB at the same time.
# Default value: 100
soci-poolsize=100
# Choose the type of backend that Soci will use for the connection.
# Depending on your Soci package and the modules you installed,
# this could be 'mysql', 'oracle', 'postgresql' or something else.
# Default value: mysql
soci-backend=mysql
# The configuration parameters of the Soci backend.
# The basic format is "key=value key2=value2". For a mysql backend,
# this is a valid config: "db=mydb user=user password='pass' host=myhost.com".
# Please refer to the Soci documentation of your backend, for intance:
# http://soci.sourceforge.net/doc/3.2/backends/mysql.html
# Default value: db=mydb user=myuser password='mypass' host=myhost.com
soci-connection-string=db=mydb user=myuser password='mypass' host=myhost.com
# Amount of queries that will be allowed to be queued before bailing
# password requests.
# This value should be chosen accordingly with 'soci-poolsize',
# so that you have a coherent behavior.
# This limit is here mainly as a safeguard against out-of-control
# growth of the queue in the event of a flood or big delays in the
# database backend.
# Default value: 1000
##
## This module redirect sip request with a 302 move temporarily.
##
[module::Redirect]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# A contact where to redirect requests. ex: <sip:127.0.0.1:5065>;expires=100
# Default value:
contact=
##
## The ModuleRegistrar module accepts REGISTERs for domains it manages,
## and store the address of record in order to allow routing requests
## destinated to the client who registered.
##
[module::Registrar]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# List of whitespace separated domain names to be managed by the
# registrar. It can eventually be the '*' (wildcard) in order to
# match any domain name.
# Default value: localhost
#
# AJP
reg-domains=*.mydomain.sg
# Register users based on response obtained from a back-end server.
# This mode is for using flexisip as a front-end server to hold
# client connections but registeracceptance is deferred to backend
# server to which the REGISTER is routed.
# Default value: false
# Register users based on response obtained from a back-end server.
# This mode is for using flexisip as a front-end server to hold
# client connections but registeracceptance is deferred to backend
# server to which the REGISTER is routed.
# Default value: false
#
# AJP
reg-on-response=true
# Maximum number of registered contacts of an address of record.
# Default value: 12
max-contacts-by-aor=12
# List of contact uri parameters that can be used to identify a
# user's device. The contact parameters are searched in the order
# of the list, the first matching parameter is used and the others
# ignored.
# Default value: +sip.instance pn-tok line
unique-id-parameters=+sip.instance pn-tok line
# Maximum expire time for a REGISTER, in seconds.
# Default value: 86400
max-expires=604800
# Minimum expire time for a REGISTER, in seconds.
# Default value: 60
min-expires=60
# Set a value that will override expire times given by REGISTER
# requests. A null or negative value disables that feature. If it
# is enabled, max-expires and min-expires will not have any effect.
# Default value: -1
force-expires=-1
# File containing the static records to add to database at startup.
# Format: one 'sip_uri contact_header' by line. Example:
# <sip:address@hidden> <sip:127.0.0.1:5460>,<sip:192.168.0.1:5160 >
# Default value:
static-records-file=
# Timeout in seconds after which the static records file is re-read
# and the contacts updated.
# Default value: 600
static-records-timeout=600
# Implementation used for storing address of records contact uris.
# [redis, internal]
# Default value: internal
db-implementation=internal
# Domain of the redis server.
# Default value: localhost
redis-server-domain=localhost
# Port of the redis server.
# Default value: 6379
redis-server-port=6379
# Authentication password for redis. Empty to disable.
# Default value:
redis-auth-password=
# Timeout in milliseconds of the redis connection.
# Default value: 1500
redis-server-timeout=1500
# Serialize contacts with: [C, protobuf, json, msgpack]
# Default value: protobuf
redis-record-serializer=protobuf
# When Redis is configured in master-slave, flexisip will periodically
# ask what are the slaves and the master.This is the period with
# which it will query the server.It will then determine whether
# is is connected to the master, and if not, let go of the connection
# and migrate to the master.Note: This requires that all redis instances
# have the same password. Otherwise the authentication will fail.
# Default value: 60
redis-slave-check-period=60
# Sequence of proxies (space-separated) where requests will be redirected
# through (RFC3608)
# Default value:
service-route=
# Maximum percentage of the REGISTER expire to randomly remove,
# 0 to disable
# Default value: 0
register-expire-randomizer-max=0
##
## The purpose of the StatisticsCollector module is to collect call
## statistics (RFC 6035) and store them on the server.
##
[module::StatisticsCollector]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# SIP URI of the statistics collector. Note that application/vq-rtcpxr
# messages for this address will be deleted by this module and thus
# not be delivered.
# Default value:
collector-address=
##
## The ModuleRouter module routes requests for domains it manages.
##
[module::Router]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Store and retrieve contacts without using the domain.
# Default value: false
use-global-domain=false
# Fork messages to all registered devices
# Default value: true
fork=true
# Force forking and thus the creation of an outgoing transaction
# even when only one contact found
# Default value: true
stateful=true
# Fork invites to late registers
# Default value: false
#
#AJP
fork-late=true
# All the forked have to decline in order to decline the caller
# invite
# Default value: false
fork-no-global-decline=false
# Treat 603 Declined answers as urgent. Only relevant if fork-no-global-decline
# is set to true.
# Default value: false
treat-decline-as-urgent=false
# During a fork procedure, treat all failure response as urgent
# Default value: false
treat-all-as-urgent=false
# Maximum time for a call fork to try to reach a callee, in seconds.
# Default value: 90
call-fork-timeout=90
# Maximum time before delivering urgent responses during a call
# fork, in seconds. The typical fork process requires to wait the
# best response from all branches before transmitting it to the
# client. However some error responses are retryable immediately
# (like 415 unsupported media, 401, 407) thus it is painful for
# the client to need to wait the end of the transaction time (32
# seconds) for these error codes.
# Default value: 5
call-fork-urgent-timeout=5
# Optional timer to detect lack of push response, in seconds.
# Default value: 0
call-push-response-timeout=0
# Fork messages to client registering lately.
# Default value: true
message-fork-late=true
# Maximum duration for delivering a text message. This property
# applies only if message-fork-late if set to true, otherwise the
# duration can't exceed the normal transaction duration.
# Default value: 3600
message-delivery-timeout=604800
# Maximum duration for accepting a text message if no response is
# received from any recipients. This property is meaningful when
# message-fork-late is set to true.
# Default value: 15
message-accept-timeout=15
# During a call forking, allow several INVITEs going to the same
# next hop to be grouped into a single one. A proprietary custom
# header 'X-target-uris' is added to the INVITE to indicate the
# final targets of the INVITE.
# Default value: false
allow-target-factorization=false
# Generate a contact from the TO header and route it to the above
# destination. [sip:host:port]
# Default value:
generated-contact-route=
# Require presence of authorization header for specified realm.
# [Realm]
# Default value:
generated-contact-expected-realm=
# Remove to tag from 183, 180, and 101 responses to workaround buggy
# gateways
# Default value: false
remove-to-tag=false
# rewrite username with given value.
# Default value:
preroute=
##
## This module performs push notifications to mobile phone notification
## systems: apple, android, windows, as well as a generic http get/post
## to a custom server to which actual sending of the notification
## is delegated. The push notification is sent when an INVITE or
## MESSAGE request is not answered by the destination of the request
## within a certain period of time, configurable hereunder as 'timeout'
## parameter.
##
[module::PushNotification]
# Indicate whether the module is activated.
# Default value: false
#
# AJP
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=mydomain.sg
# Number of second to wait before sending a push notification to
# device(if <=0 then disabled)
# Default value: 5
timeout=2
# Maximum number of notifications queued for each client
# Default value: 100
max-queue-size=100
# Default time to live for the push notifications, in seconds. This
# parameter shall be set according to mDeliveryTimeout parameter
# in ForkContext.cc
# Default value: 2592000
time-to-live=2592000
# Enable push notification for apple devices
# Default value: true
#
# AJP
apple=false
# Path to directory where to find Apple Push Notification service
# certificates. They should bear the appid of the application, suffixed
# by the release mode and .pem extension. For example: org.linphone.dev.pem
# org.linphone.prod.pem com.somephone.dev.pem etc... The files should
# be .pem format, and made of certificate followed by private key.
# This is also the path to the directory where to find Voice Over
# IP certificates (certicates to use PushKit).They should bear the
# appid of the application, suffixed by the release mode and .pem
# extension, and made of certificate followed by private key. For
# example: org.linphone.voip.dev.pem org.linphone.voip.prod.pem
# com.somephone.voip.dev.pem etc...
# Default value: /etc/flexisip/apn
apple-certificate-dir=/etc/flexisip/apn
# Enable push notification for android devices (for compatibility
# only)
# Default value: true
google=false
# List of couples projectId:ApiKey for each android project that
# supports push notifications (for compatibility only)
# Default value:
#
# AJP
google-projects-api-keys=632556497494:AIzaSyDmT88Bl5- dGSEFBRMnINwzeK1IImSJXXU
# Enable push notification for android devices (new method for android)
# Default value: true
firebase=true
# List of couples projectId:ApiKey for each android project that
# supports push notifications (new method for android)
# Default value:
#
# AJP
firebase-projects-api-keys=632556497494:AAAAk0dOKlY: APA91bHYjMK8W0Z4iprsEPx7rgBNX7 RZFYhCoc7tSF7iiaQM3Ve423piSoMC wtlGbzSpcsVoYMVrqB7ABIaUGMICP8 gk1- 1W8yiWFDaosbdzoUGAY9wINkhs9VPC wfok-X7J0vHlJ3vV
# Enable push notification for windows phone 8 devices
# Default value: true
#
# AJP
windowsphone=false
# Unique identifier for your Windows Store app. For example: ms-app://s-1-15-2-2345030743-3098444494-743537440- 5853975885-5950300305- 5348553438-505324794
# Default value:
windowsphone-package-sid=
# Client secret. For example: Jrp1UoVt4C6CYpVVJHUPdcXLB1pEdRoB
# Default value:
windowsphone-application-secret=
# Set the badge value to 0 for apple push
# Default value: false
no-badge=false
# Instead of having Flexisip sending the push notification directly
# to the Google/Apple/Microsoft push servers, send an http request
# to an http server with all required information encoded in URL,
# to which the actual sending of the push notification is delegated.
# The following arguments can be substitued in the http request
# uri, with the following values:
# - $type : apple, google, wp, firebase
# - $token : device token
# - $api-key : the api key to use (google and firebase only)
# - $app-id : application ID
# - $from-name : the display name in the from header
# - $from-uri : the sip uri of the from header
# - $from-tag : the tag of the from header
# - $to-uri : the sip uri of the to header
# - $call-id : the call-id of the INVITE or MESSAGE request
# - $event : call, message
# - $sound : the sound file to play with the notification
# - $msgid : the message id to put in the notification
# - $uid :
#
# The content of the text message is put in the body of the http
# request as text/plain, if any.
# Example: http://292.168.0.2/$type/$event?from-uri=$from-uri&tag=$ from-tag&callid=$callid&to=$ to-uri
# Default value:
external-push-uri=
# Method for reaching external-push-uri, typically GET or POST
# Default value: GET
external-push-method=GET
##
## The MediaRelay module masquerades SDP message so that all RTP
## and RTCP streams go through the proxy. The RTP and RTCP streams
## are then routed so that each client receives the stream of the
## other. MediaRelay makes sure that RTP is ALWAYS established, even
## with uncooperative firewalls.
##
[module::MediaRelay]
# Indicate whether the module is activated.
# Default value: true
#
# AJP
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# SDP attribute set by the first proxy to forbid subsequent proxies
# to provide relay. Use 'disable' to disable.
# Default value: nortpproxy
#
# AJP
nortpproxy=disable
# The minimal value of SDP port range
# Default value: 1024
sdp-port-range-min=30000
# The maximal value of SDP port range
# Default value: 65535
sdp-port-range-max=40000
# Sends a ACK and BYE to 200Ok for INVITEs not belonging to any
# established call.
# Default value: false
bye-orphan-dialogs=false
# Maximum concurrent calls processed by the media-relay. Calls arriving
# when the limit is exceed will be rejected. A value of 0 means
# no limit.
# Default value: 0
max-calls=0
# When true, the 'c=' line and port number are set to the relay
# ip/port even if ICE candidates are present in the request. This
# is allow non-ice clients to have their streams relayed.
# Default value: true
force-relay-for-non-ice-targets=true
# Prevent media-relay ports to loop between them, which can cause
# 100% cpu on the media relay thread.You need to set this property
# to false if you are running test calls from clients running on
# the same IP address as the flexisip server
# Default value: true
prevent-loops=true
# In case multiples 183 Early media responses are received for a
# call, only the first one will have RTP streams forwarded back
# to caller. This feature prevents the caller to receive 'mixed'
# streams, but it breaks scenarios where multiple servers play early
# media announcement in sequence.
# Default value: true
early-media-relay-single=true
# Maximum number of relayed early media streams per call. This is
# useful to limit the cpu usage due to early media relaying on embedded
# systems. A value of 0 stands for unlimited.
# Default value: 0
max-early-media-per-call=0
# Period of time in seconds, after which a relayed call without
# any activity is considered as no longer running. Activity counts
# RTP/RTCP packets exchanged through the relay and SIP messages.
# Default value: 3600
inactivity-period=3600
##
## The purpose of the Transcoder module is to transparently transcode
## from one audio codec to another to make the communication possible
## between clients that do not share the same set of supported codecs.
## Concretely it adds all missing codecs into the INVITEs it receives,
## and adds codecs matching the original INVITE into the 200Ok. Rtp
## ports and addresses are masqueraded so that the streams can be
## processed by the proxy. The transcoding job is done in the background
## by the mediastreamer2 library, as consequence the set of supported
## codecs is exactly the the same as the codec set supported by mediastreamer2,
## including the possible plugins you may installed to extend mediastreamer2.
## WARNING: this module can conflict with the MediaRelay module as
## both are changin the SDP. Make sure to configure them with different
## to-domains or from-domains filter if you want to enable both of
## them.
##
[module::Transcoder]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Nominal size of RTP jitter buffer, in milliseconds. A value of
# 0 means no jitter buffer (packet processing).
# Default value: 0
jb-nom-size=0
# Whitespace separated list of user-agent strings for which audio
# rate control is performed.
# Default value:
rc-user-agents=
# Whitespace seprated list of audio codecs, in order of preference.
# The telephone-event codec is necessary for inband DTMF processing.
# Default value: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 telephone-event/8000
audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 telephone-event/8000
# Remove the bandwidth limitations from SDP offers and answers
# Default value: false
remove-bw-limits=false
# If true, retransmissions of INVITEs will be blocked. The purpose
# of this option is to limit bandwidth usage and server load on
# reliable networks.
# Default value: false
block-retransmissions=false
##
## This module executes the basic routing task of SIP requests and
## pass them to the transport layer. It must always be enabled.
##
[module::Forward]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# A sip uri representing a default where to send all requests not
# already resolved. This is the typical way to setup a Flexisip
# proxy server acting as a front-end for backend SIP server.
# Default value:
route=
# Add a path header of this proxy
# Default value: true
add-path=true
# Rewrite request-uri's host and port according to above route
# Default value: false
rewrite-req-uri=false
# List of URL and contact params to remove
# Default value: pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout
params-to-remove=pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout
##
## Inter domain connections is a set of feature allowing to dynamically
## connect several flexisip servers together in order to manage SIP
## routing at local and global scope. Let's suppose you have two
## SIP network a.example.net and b.example.net run privately and
## independently (no one from a.example.net needs to call someone
## at b.example.net). However, when people from a and b are outside
## of their network, they register to a worldwide available flexisip
## instance running on 'global.example.net'. It is then possible
## to:
## * have calls made within a.example.net routed locally and sent
## to global.example.net in order to reach users inside and outside
## of a's network. Example: address@hidden calls address@hidden.
## If 2 is registered on a.example.net then the call is routed locally.
## On the contrary if 2 is absent and registered, the call is then
## sent to global.example.net and then routed by the global proxy.
## * when global.example.net receives a call from a user not within
## its native network (ex: address@hidden calls address@hidden),
## it can route this call to the proxy that is responsible for managing
## the local domain (a.example.net).
## This system is dynamic, that is the physical IP address of a and
## b network can change (dynamic ip address)
## .This scenario is achieved with two key features:
## * a.example.net sends a REGISTER to global.example.net to indicate
## that it is the responsible for the entire domain a.example.net.
## The global.example.net authenticates this REGISTER thanks to TLS
## client certificate presented by a.example.net.
## * global.example.net is configured to accept this domain registration
## and route all calls it receives directly and estinated to a.example.net
## domain through the connection established by a.example.net during
## the domain registration.
##
[inter-domain-connections]
# Whether flexisip shall accept registrations for entire domains
# Default value: false
accept-domain-registrations=false
# Whether flexisip shall assume that there is a unique server per
# registered domain, which allows to clean old registrations and
# simplifies the routing logic.
# Default value: false
assume-unique-domains=false
# Path to a text file describing the domain registrations to make.
# This file must contains lines like:
# <local domain name> <SIP URI of proxy/registrar where to send
# the domain REGISTER>
# where:
# <local domain name> is a domain name managed locally by this
# proxy
# <SIP URI of proxy/registrar> is the SIP URI where the domain
# registration will be sent. The special uri parameter 'tls-certificate-dir'
# is understood in order to specify a TLS client certificate to
# present to the remote proxy.
# If the file is absent or empty, no registrations are done.
# Default value: /etc/flexisip/domain-registrations.conf
#
# AJP
domain-registrations=
# When submitting a domain registration to a server over TLS, verify
# the certificate presented by the server. Disabling this option
# is only for test, because it is a security flaw
# Default value: true
verify-server-certs=true
# Interval in seconds for sending \r\n\r\n keepalives throug the
# outgoing domain registration connection.A value of zero disables
# keepalives.
# Default value: 30
keepalive-interval=30
============
Best Regards,
Jason
*** Reclaim Your Freedom, use Free & Open Source Software - Be Open Standard Compliance. ***
On Thu, May 31, 2018 at 12:31 PM, Anton Demenev <address@hidden> wrote:
Hi,
We need to deploy flexisip using external freeswitch based registrar.
What modules and parameters should we use to implement this?
Can someone help with a links to similar solutions?
[Prev in Thread] | Current Thread | [Next in Thread] |