diff options
Diffstat (limited to 'personal_infra/puppet/modules')
| -rw-r--r-- | personal_infra/puppet/modules/flexisip/README.md (renamed from personal_infra/puppet/modules/freeswitch/README.md) | 0 | ||||
| -rw-r--r-- | personal_infra/puppet/modules/flexisip/manifests/init.pp | 51 | ||||
| -rw-r--r-- | personal_infra/puppet/modules/flexisip/templates/flexisip.conf | 2477 | ||||
| -rw-r--r-- | personal_infra/puppet/modules/freeswitch/manifests/init.pp | 24 | ||||
| -rw-r--r-- | personal_infra/puppet/modules/freeswitch/templates/switch.conf.xml | 208 | ||||
| -rw-r--r-- | personal_infra/puppet/modules/freeswitch/templates/vars.xml | 448 |
6 files changed, 2528 insertions, 680 deletions
diff --git a/personal_infra/puppet/modules/freeswitch/README.md b/personal_infra/puppet/modules/flexisip/README.md index f44a17bb..f44a17bb 100644 --- a/personal_infra/puppet/modules/freeswitch/README.md +++ b/personal_infra/puppet/modules/flexisip/README.md diff --git a/personal_infra/puppet/modules/flexisip/manifests/init.pp b/personal_infra/puppet/modules/flexisip/manifests/init.pp new file mode 100644 index 00000000..9ed962de --- /dev/null +++ b/personal_infra/puppet/modules/flexisip/manifests/init.pp @@ -0,0 +1,51 @@ +class flexisip($flexisip_sdp_port_range_min, $flexisip_sdp_port_range_max, $flexisip_user_database, $flexisip_domain) { + file {'/etc/yum.repos.d/BelledonneCom.repo': + content => @(EOT) + # keep this repository enabled even if you enable beta/alpha repositories + [Belledonne-stable] + name=Belledonne-stable + baseurl=http://www.linphone.org/snapshots/$contentdir/$releasever/stable + enabled=1 + gpgcheck=0 + + # enable this if you want post-release patches + [Belledonne-hotfix] + name=Belledonne-hotfix + baseurl=http://www.linphone.org/snapshots/$contentdir/$releasever/hotfix + enabled=1 + gpgcheck=0 + + # enable this if you want next release beta packages + [Belledonne-beta] + name=Belledonne-beta + baseurl=http://www.linphone.org/snapshots/$contentdir/$releasever/beta + enabled=0 + gpgcheck=0 + + # enable this to have development (unstable) packages + [Belledonne-alpha] + name=Belledonne-alpha + baseurl=http://www.linphone.org/snapshots/$contentdir/$releasever/alpha + enabled=0 + gpgcheck=0 + | EOT + , + } + -> + package {'bc-flexisip':} + -> + file {'/etc/flexisip/flexisip.conf': + content => template('flexisip/flexisip.conf'), + } + ~> + service {'flexisip-proxy': + ensure => running, + enable => true, + } + + file {'/etc/flexisip/users.db.txt': + content => $flexisip_user_database, + require => Package['bc-flexisip'], + notify => Service['flexisip-proxy'], + } +} diff --git a/personal_infra/puppet/modules/flexisip/templates/flexisip.conf b/personal_infra/puppet/modules/flexisip/templates/flexisip.conf new file mode 100644 index 00000000..3fde5125 --- /dev/null +++ b/personal_infra/puppet/modules/flexisip/templates/flexisip.conf @@ -0,0 +1,2477 @@ +## +## This is the default Flexisip (v2.4.2-30-g42e30f2d) configuration +## file +## + + + + + +## +## Some global settings of the flexisip proxy. +## +[global] + +# Servers started by default when '--server' is not specified in +# the command line. Possible values are: 'proxy', 'presence', 'conference', +# 'regevent' and 'b2bua'. Each value must be separated by a whitespace. +# Default: proxy +#default-servers=proxy + +# Automatically respawn Flexisip in case of abnormal termination +# (crashes). This only has an effect if Flexisip is launched with +# '--daemon' option +# Default: true +#auto-respawn=true + +# Path to the directory that contains plugins. +# Default: /opt/belledonne-communications/lib64/flexisip/plugins +#plugins-dir=/opt/belledonne-communications/lib64/flexisip/plugins + +# Plugins to load. +# The list of installed plugins can be found at <prefix>/lib/flexisip/plugins. +# The name of a plugin can be built from the corresponding library +# name by removing the extension and the 'lib' prefix. +# Example: 'jweauth' will load libjweauth.so at runtime. +# Default: +#plugins= + +# Generate a core dump on crash. +# On GNU/Linux, the action to do on core dump is defined by the +# kernel file '/proc/sys/kernel/core_pattern'. +# On recent distributions like RHEL 8, the generated core dumps +# are given by default to the core manager of SystemD. Core dumps +# can easily be listed by using the coredumpctl(1) command. +# On older distributions, core dumps are often written in the root +# ('/') directory. If your root directory has little available space, +# it is recommended to relocate your core dumps in another place +# by modifying the 'core_pattern' file on system boot. This can +# be done by adding the following line in '/etc/rc.local': +# echo '/home/cores/core.%e.%t.%p' > /proc/sys/kernel/core_pattern +# +# See core(5) manual for more information about core handling on +# GNU/Linux. +# Default: false +#dump-corefiles=false + +# Enable SNMP. +# Default: false +#enable-snmp=false + +# Path to the directory where log files will be created. +# WARNING: Flexisip has no embedded log rotation system but provides +# a configuration file for logrotate. +# Please make sure that logrotate is installed and running on your +# system in order to have Flexisip's logs rotated. Log rotation +# can be customized by editing /etc/logrotate.d/flexisip-logrotate. +# Default: /var/opt/belledonne-communications/log/flexisip +#log-directory=/var/opt/belledonne-communications/log/flexisip + +# Name of the log file +# .The string '{server}' is a placeholder that is replaced with +# the corresponding server type. If several server types are specified, +# then '{server}' will be replaced by the concatenation of all server +# types separated by a '+' character. +# Example: 'proxy+presence'. +# Default: flexisip-{server}.log +#log-filename=flexisip-{server}.log + +# Logging verbosity. +# Possible values are: 'debug', 'message', 'warning' and 'error' +# Default: error +#log-level=error + +# Syslog logging verbosity. +# Possible values are: 'debug', 'message', 'warning' and 'error' +# Default: error +#syslog-level=error + +# Sofia-SIP logging verbosity. +# These logs are only displayed if 'log-level' is set to 'debug' +# or if the program is started with the '-d' (--debug) option. The +# verbosity levels range from 1 to 9: +# 1 -> Critical errors +# 2 -> Non-critical errors +# 3 -> Warnings and progress messages +# 5 -> Signaling protocol actions +# 7 -> Media protocol actions +# 9 -> Entering/exiting functions +# Default: 5 +#sofia-level=5 + +# Log user errors (on a different logging domain). +# Examples: authentication operations, registration events, requests +# routing, etc... +# Default: false +#user-errors-logs=false + +# A boolean expression applied to the processing of all SIP requests. +# When the expression evaluates to 'true', use the 'contextual-log-level' +# logging level for all the logs generated during the processing +# of the current request. This is useful to debug a certain scenario +# on a production environment. +# The definition of SIP boolean expressions is the same as for entry +# filters of modules, which is documented here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#contextual-log-filter= + +# Logging verbosity of contextual logs. +# Default: debug +#contextual-log-level=debug + +# A boolean expression applied to the processing of all SIP requests. +# When the expression evaluates to 'true', log the request body. +# Cannot be empty, use 'true' or 'false' instead. +# The definition of SIP boolean expressions is documented here: +# https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Example: content-type == 'application/sdp' && request.method == +# 'MESSAGE' +# Default: content-type == 'application/sdp' +#show-body-for=content-type == 'application/sdp' + +# List of whitespace separated SIP URIs where the proxy must listen. +# Wildcard (*) means 'all local ip addresses'. If the 'transport' +# parameter is not specified, the server will listen on both UDP +# and TCP transports. A local address to bind onto can be specified +# using the 'maddr' SIP URI parameter. The domain part of SIP URIs +# are used as public domain or ip address. +# The 'sips' transport definition accepts some optional parameters: +# - 'tls-certificates-dir': path, has the same meaning as the 'tls-certificates-dir' +# parameter of this section (overriding only applies for the current +# SIP URI). +# - 'tls-certificates-file': file path, has the same meaning as +# the 'tls-certificates-file' parameter of this section (overriding +# only applies for the current SIP URI). +# - 'tls-certificates-private-key': file path, has the same meaning +# as the 'tls-certificates-private-key' parameter of this section +# (overriding only applies for the current SIP URI). +# - 'tls-certificates-ca-file': file path, has the same meaning +# as the 'tls-certificates-ca-file' parameter of this section (overriding +# only applies for the current SIP URI). +# - 'tls-verify-incoming': value in {'0', '1'}, indicates whether +# clients are required to present a valid client certificate or +# not (defaults to '0'). +# - 'tls-allow-missing-client-certificate': value in {'0', '1'}, +# allow connections from clients that have no certificate even if +# `tls-verify-incoming` is enabled (useful if you want Flexisip +# to ask for a client certificate but do not fail if the client +# cannot provide one). +# - 'tls-verify-outgoing': value in {'0', '1'}, whether Flexisip +# should verify the peer certificate when it creates an outgoing +# TLS connection to another server (defaults to '1'). +# - 'require-peer-certificate': (deprecated) same as 'tls-verify-incoming' +# +# It is HIGHLY RECOMMENDED to specify a canonical name for 'sips' +# transports, so that the proxy can advertise this information in +# 'Record-Route' headers, which allows TLS cname verifications to +# be performed by clients. +# Specifying a SIP URI with 'transport=tls' is not allowed: the +# 'sips' scheme must be used instead. As requested by SIP RFC, IPv6 +# addresses must be enclosed within brackets. +# +# Here are some examples to understand: +# - listen on all local interfaces for UDP and TCP, on standard +# port: +# transports=sip:* +# - listen on all local interfaces for UDP, TCP and TLS, on standard +# ports: +# transports=sip:* sips:* +# - listen only a specific IPv6 interface, on standard ports, with +# UDP, TCP and TLS +# transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] +# - listen on TLS localhost with 2 different ports and SSL certificates: +# transports=sips:localhost:5061;tls-certificates-dir=path_a sips:localhost:5062;tls-certificates-dir=path_b +# - listen on TLS localhost with 2 peer certificate requirements: +# transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls-verify-incoming=1 +# - listen on 192.168.0.29:6060 with TLS, but public hostname is +# 'sip.linphone.org' used in SIP requests. Bind address won't appear +# in requests: +# transports=sips:sip.linphone.org:6060;maddr=192.168.0.29 +# Default: sip:* +transports=sips:<%= @flexisip_domain %>;maddr=* + +# List of whitespace separated host names pointing to this machine. +# This is to prevent loops while routing SIP requests. +# Default: localhost +aliases=<%= @flexisip_domain %> + +# Time interval after which inactive connections are closed. +# Default: 3600 +# Default unit: second +#idle-timeout=3600 + +# Time interval for sending "\r\n\r\n" keepalive packets on inbound +# and outbound connections. +# The main purpose of sending keepalive packets is to keep connections +# alive across NATs. It also helps to detect silently broken connections +# which can reduce the number of socket descriptors used by Flexisip. +# A value of zero deactivates this feature +# Default: 1800 +# Default unit: second +#keepalive-interval=1800 + +# Time interval for sending "\r\n\r\n" keepalive packets for proxy-to-proxy +# connections. +# Indeed, while it is undesirable to send frequent keepalive packets +# to mobile clients (it drains their battery), sending frequent +# keepalive packets has proven to be helpful to keep connections +# up between proxy nodes in a very popular US virtualized datacenter. +# A value of zero deactivates this feature. +# Default: 0 +# Default unit: second +#proxy-to-proxy-keepalive-interval=0 + +# SIP transaction timeout. +# Set to T1*64 by default. +# Default: 32000 +# Default unit: millisecond +#transaction-timeout=32000 + +# The UDP MTU. +# Flexisip will fallback to TCP when sending a request whose size +# exceeds the UDP MTU. Please read https://sofia-sip.sourceforge.net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a +# for more details. If sending large packets over UDP is not a problem, +# then set a big value such as 65535. Unlike the recommendation +# of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead +# of 1300). +# Default: 1460 +#udp-mtu=1460 + +# Maximum number of bytes read at once when extracting data from +# a TCP socket. WARNING: a SIP request (headers + body) cannot exceed +# this amount of bytes otherwise the parsing will fail +# Default: 524288 +#tcp-max-read-size=524288 + +# Bind address for all RTP streams (MediaRelay and Transcoder). +# This parameter is only useful for some specific networks, keeping +# the default value is recommended. +# Default: 0.0.0.0 ::0 +#rtp-bind-address=0.0.0.0 ::0 + +# Path to the file containing the server certificate chain. +# The file must be in PEM format, see OpenSSL SSL_CTX_use_certificate_chain_file +# documentation. If used, 'tls-certificates-private-key' MUST be +# set. +# Default: +tls-certificates-file=/etc/pki/tls/certs/localhost.crt + +# Path to the file containing the private key. +# See OpenSSL SSL_CTX_use_PrivateKey_file documentation. If used, +# 'tls-certificates-file' MUST be set. +# Default: +tls-certificates-private-key=/etc/pki/tls/private/localhost.key + +# Path to the file containing CA certificates. +# See OpenSSL SSL_CTX_load_verify_locations and SSL_CTX_set_client_CA_list +# documentation. Can be empty. +# Default: +#tls-certificates-ca-file= + +# Cipher strings to pass to OpenSSL in order to limit the cipher +# suites to use while establishing TLS sessions. +# Please take a look at ciphers(1) UNIX manual to get the list of +# supported keywords by your current version of OpenSSL. You might +# visit https://www.openssl.org/docs/manmaster/man1/ciphers.html +# too. The default value set by Flexisip should provide a high level +# of security while keeping an acceptable level of interoperability +# with currently deployed clients on the market. +# Default: HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL +#tls-ciphers=HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL + +# Ask for client certificate on TLS session establishing. +# Default: false +#require-peer-certificate=false + +# Unique ID used to identify this Flexisip instance. +# It must be a randomly generated 16-sized hexadecimal number. If +# empty, it will be generated each time Flexisip starts. +# Default: +#unique-id= + +# Number of SIP requests that Sofia-SIP can queue in a transport +# (a connection). It is 64 by default, hardcoded in Sofia-SIP (Sofia-SIP +# also used to hardcode a maximum value of 1000). This is not sufficient +# for instant messaging applications. +# Default: 1000 +#tport-message-queue-size=1000 + +# Interval between logs about server memory usage. +# This feature periodically logs the value occupied in RAM by the +# process (VmRSS). These logs use debug level. +# Only works on Linux. +# Set to 0 in order to disable the feature. +# Default: 0 +# Default unit: second +#memory-usage-log-interval=0 + + + + + + +## +## This section contains some parameters useful when the current +## proxy is part of a network of proxies (cluster) which serve the +## same domain. +## +[cluster] + +# Enable cluster mode. +# If 'false', the parameters of the [cluster] section will not have +# any effect. +# Default: false +#enabled=false + +# Domain name that enables external SIP agents to access to the +# cluster. +# Such domain is often associated to DNS SRV records for each proxy +# of the cluster, so that DNS resolution returns the address of +# a specific proxy randomly. +# Flexisip uses that domain when it needs to insert a 'Path' or +# 'Record-route' header addressing the cluster instead of itself. +# Default: +#cluster-domain= + +# List of IP addresses of all the proxies present in the cluster. +# SIP requests coming from these addresses won't be challenged by +# the authentication module and will not be limited by the DosProtection +# module. +# Default: +#nodes= + +# Transport to use for communication with the other proxies of the +# cluster. +# This is only useful when no transport declared in 'global/transport' +# parameter can be used to reach the other proxies (e.g. when inter-proxy +# communications are to be made through a private network). +# Example: sip:10.0.0.8:5059;transport=tcp +# Default: +#internal-transport= + + + + + + +## +## Should the server be registered on a local domain, to be accessible +## via multicast DNS. +## +[mdns-register] + +# Enable multicast DNS register +# Default: false +#enabled=false + +# Priority of this instance, lower value means more 'preferred'. +# 'n': priority of n (example: 10) +# 'n-m': random priority between n and m (example: 10-50) +# Default: 0 +#mdns-priority=0 + +# A relative weight for Flexisip instances with the same priority. +# Higher values means more 'preferred'. +# For example, if two Flexisip instances are registered on the same +# local domain with one at '20' and the other at '80', then 20% +# of the traffic will be redirected to the first instance and 80% +# to the other one. +# The sum of all the weights of Flexisip instances on the same local +# domain must be 100. +# Default: 100 +#mdns-weight=100 + +# Time To Live of any mDNS query that will ask for this Flexisip +# instance +# Default: 3600 +# Default unit: millisecond +#mdns-ttl=3600 + + + + + + +## +## Event logs contain per domain and user information about processed +## registrations, calls and messages. +## See: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Event%20logs%20and%20queries/ +## for architecture and queries. +## +[event-logs] + +# Enable event logs. +# Default: false +#enabled=false + +# Define logger for storing logs. It supports "filesystem", "database" +# and "flexiapi". +# Default: filesystem +#logger=filesystem + +# Directory where event logs are written as a filesystem (case when +# filesystem output is chosen). +# Default: /var/log/flexisip +#filesystem-directory=/var/log/flexisip + +# Type of backend that Soci will use for the connection. +# Depending on your Soci package and the modules you installed, +# the supported databases are:`mysql`, `sqlite3` and `postgresql` +# Default: mysql +#database-backend=mysql + +# Configuration parameters of the backend. +# The basic format is "key=value key2=value2". For a mysql backend, +# this is a valid config: "db=mydb user=user password='pass' host=myhost.com". +# Please refer to the Soci documentation of your backend, for instance: +# http://soci.sourceforge.net/doc/master/backends/#supported-backends-and-features +# Default: db='mydb' user='myuser' password='mypass' host='myhost.com' +#database-connection-string=db='mydb' user='myuser' password='mypass' host='myhost.com' + +# Amount of queries that will be allowed to be queued before bailing +# password requests. +# This value should be chosen accordingly with 'database-nb-threads-max', +# so that you have a coherent behavior. +# This limit is here mainly as a safeguard against out-of-control +# growth of the queue in the event of a flood or big delays in the +# database backend. +# Default: 100 +#database-max-queue-size=100 + +# Maximum number of threads for writing in database. +# If you get a `database is locked` error with sqlite3, you must +# set this variable to 1. +# Default: 10 +#database-nb-threads-max=10 + +# Domain name or IP address of the FlexiAPI host. This setting will +# be used in combination with flexiapi-port and -prefix to contact +# the API located at <flexiapi-host>:<flexiapi-port><flexiapi-prefix> +# Default: localhost +#flexiapi-host=localhost + +# Port on the FlexiAPI host. See `flexiapi-host` for details. +# Default: 443 +#flexiapi-port=443 + +# Path prefix for FlexiAPI requests. See `flexiapi-host` for details. +# Default: /api/stats/ +#flexiapi-prefix=/api/stats/ + +# API authentication key for the FlexiAPI +# Default: +#flexiapi-api-key= + + + + + + +## +## STUN server parameters. +## +[stun-server] + +# Enable or disable stun server. +# Default: true +#enabled=true + +# Local ip address where to bind the socket. +# Default: 0.0.0.0 +#bind-address=0.0.0.0 + +# STUN server port number. +# Default: 3478 +#port=3478 + + + + + + +## +## Flexisip presence server parameters. +## +[presence-server] + +# Enable presence server +# Default: true +#enabled=true + +# List of white space separated SIP URIs where the presence server +# must listen. Must not be tls. +# Default: sip:127.0.0.1:5065;transport=tcp +#transports=sip:127.0.0.1:5065;transport=tcp + +# Default expires of PUBLISH request. +# Default: 600 +# Default unit: second +#expires=600 + +# Max number of presentity sent in a single NOTIFY by default. +# Default: 200 +#notify-limit=200 + +# Enable long-term presence notifies +# Default: false +#long-term-enabled=false + +# Soci connection string for the resource list database. +# Default: +#rls-database-connection= + +# SQL request to obtain the list of the users corresponding to an +# resource list subscription. +# Named parameters are: +# * ':from' : the URI of the sender of the SUBSCRIBE. (mandatory) +# * ':to' : the URI of the users list which the sender want to +# subscribe to. (mandatory) +# +# Default: +#rls-database-request= + +# Max number of threads. +# Default: 50 +#rls-database-max-thread=50 + +# Max legnth of threads queue. +# Default: 50 +#rls-database-max-thread-queue-size=50 + +# Soci SQL request used to obtain the username associated with a +# phone alias. +# The string MUST contains the ':phone' keyword which will be replaced +# by the phone number to look for. +# The result of the request is a 1x1 table containing the name of +# the user associated with the phone number. +# +# Example: select login from accounts where phone = :phone +# Default: +#soci-user-with-phone-request= + +# Same as 'soci-user-with-phone-request' but allows to fetch several +# users by a unique SQL request. +# The string MUST contains the ':phones' keyword which will be replaced +# by the list of phone numbers to look for. Each element of the +# list is seperated by a comma character and is protected by simple +# quotes (e.g. '0336xxxxxxxx','0337yyyyyyyy','034zzzzzzzzz'). +# If you use phone number linked accounts you'll need to select +# login, domain, phone in your request for flexisip to work. +# Example: select login, domain, phone from accounts where phone +# in (:phones) +# Default: +#soci-users-with-phones-request= + +# Maximum number of presence element by identity saved in memory. +# Default: 10 +#max-presence-elements=10 + +# Duration in milliseconds during which the last activity is kept +# in memory. Default is 1 day. +# Default: 86400000 +#last-activity-retention-time=86400000 + + + + + + +## +## Flexisip conference server parameters. +## The Flexisip conference server manages group chat and audio/video +## conferences. +## It follows the concepts of RFC4579 for conference establishment +## and management. Factory and focus URIs must be configured. +## The server requires a MariaDB/MySQL database in order to store +## chatroom or conference states (participants and their devices). +## For chatting capabilities, the server requires a Registrar backend +## (see section module::Registrar) to discover devices (or client +## instances) of each participant. This requirement creates an explicit +## dependency on the Flexisip proxy server. Please note that this +## dependency is not required for audio/video conferences. +## +[conference-server] + +# Enable conference server +# Default: true +#enabled=true + +# Unique SIP URI on which the server is listening. +# Default: sip:127.0.0.1:6064;transport=tcp +#transport=sip:127.0.0.1:6064;transport=tcp + +# List of SIP URIs used by clients to create conferences. This implicitly +# defines the list of SIP domains managed by the conference server. +# Example: +# sip:conference-factory@sip.linphone.org sip:conference-factory@sip.linhome.org +# Default: +#conference-factory-uris= + +# List of template focus URIs to use when conferences are created +# through the conference factory. +# Focus URIs are unique SIP URIs targeting a specific conference. +# A 'conf-id' URI parameter providing uniqueness is automatically +# appended at runtime. Example, setting: +# conference-focus-uris=sip:conference-focus@sip.linphone.org +# instructs the server to generate conference URIs in the form of +# 'sip:conference-focus@sip.linphone.org;conf-id=<random string>' +# when a client requests to create a conference. +# Default: +#conference-focus-uris= + +# The SIP proxy URI to which the server will send all outgoing requests. +# Default: sip:127.0.0.1:5060;transport=tcp +#outbound-proxy=sip:127.0.0.1:5060;transport=tcp + +# Domains managed by the local SIP service, i.e. domains for which +# user registration information can be found directly in the local +# registrar database (Redis database). +# For external domains (not in this list), a 'reg' SUBSCRIBE (RFC3680) +# will be emitted. It is not necessary to list domains that appear +# in the 'conference-factory-uris' property. They are assumed to +# be local domains already. +# Example: sip.linphone.org conf.linphone.org linhome.org +# Default: +#local-domains= + +# Audio port to use for RTP and RTCP traffic. You can set a specific +# port, a range of ports or let the server ask the kernel for an +# available port (special value: 0). +# Examples: 'audio-port=0' or 'audio-port=12345' or 'audio-port=1024-65535' +# Default: 0 +#audio-port=0 + +# Video port to use for RTP and RTCP traffic. You can set a specific +# port, a range of ports or let the server ask the kernel for an +# available port (special value: 0). +# Examples: 'video-port=0' or 'video-port=12345' or 'video-port=1024-65535' +# Default: 0 +#video-port=0 + +# Type of database the server will use to store chat room and conference +# data. Provided that the required Soci modules are installed, the +# supported databases are: `mysql`, `sqlite3` +# Default: mysql +#database-backend=mysql + +# Configuration parameters of the database to store chat room and +# conference data. +# The basic format is "key=value key2=value2".For MySQL, the following +# is a valid configuration: db='mydb' user='myuser' password='mypass' +# host='myhost.com'. +# Please refer to the Soci documentation of your selected backend: +# https://soci.sourceforge.net/doc/release/3.2/backends/mysql.html +# https://soci.sourceforge.net/doc/release/3.2/backends/sqlite3.html +# Default: db='mydb' user='myuser' password='mypass' host='myhost.com' +#database-connection-string=db='mydb' user='myuser' password='mypass' host='myhost.com' + +# True to make the server check device capabilities before inviting +# them to a session. +# The capability check is currently limited to Linphone clients +# that put a '+org.linphone.specs' contact parameter. This parameter +# indicates whether they support group chat and secured group chat +# or not. +# Default: true +#check-capabilities=true + +# List of media types supported by the server. +# This allows to specify if this instance is able to provide chat +# services or audio/video conference services, or both. +# Valid values: audio, video, text. +# Example: audio video text +# Default: text +#supported-media-types=text + +# Type of media encryption the server will offer when calling participants +# to an audio or video conference. +# Valid values: none, sdes, zrtp, dtls. +# Default: none +#encryption=none + +# Public host name or IP addresses of the server. +# Setting this parameter is required when the conference server +# is deployed behind a firewall. This way, public IP address (v4, +# v6) can be advertised in SDP, as ICE server-reflexive candidates +# in order for the server to receive RTP media packets from clients. +# If no hostname is given, the v4 and v6 IP addresses can be listed, +# in any order. It is not possible to configure several v4 addresses +# or several v6 addresses. +# Example: +# nat-addresses=conference.linphone.org +# nat-addresses=5.135.31.160 2001:41d0:303:3aee::1 +# Default: +#nat-addresses= + +# Server shall delete chat rooms that have no registered participants. +# Default: true +#empty-chat-room-deletion=true + +# Directory where the server state files are stored. +# +# Default: /var/opt/belledonne-communications/lib/flexisip +#state-directory=/var/opt/belledonne-communications/lib/flexisip + +# Server will kill all incoming calls that last longer than the +# defined value. +# Special value 0 disables this feature. +# Default: 0 +# Default unit: second +#call-timeout=0 + + + + + + +## +## Flexisip RegEvent server parameters. +## This server is in charge of responding to SIP SUBSCRIBE requests +## for the 'reg' event as defined by RFC3680 (https://tools.ietf.org/html/rfc3680). +## It relies on the registrar database setup in the 'module::Registrar' +## section to generate outgoing NOTIFY requests +## +[regevent-server] + +# SIP URI on which the server is listening on. +# WARNING: only 'TCP' transport is supported. +# Default: sip:127.0.0.1:6065;transport=tcp +#transport=sip:127.0.0.1:6065;transport=tcp + + + + + + +## +## Flexisip back-to-back user agent (B2BUA) server parameters. +## +[b2bua-server] + +# The type of application that will handle calls bridged through +# the server. Possible values: +# - `trenscrypter` Bridge different encryption types on both ends +# transparently. +# - `sip-bridge` Bridge calls through an external SIP provider. +# (e.g. for PSTN gateways) +# Default: trenscrypter +#application=trenscrypter + +# Unique SIP URI on which the server is listening. +# Default: sip:127.0.0.1:6067;transport=tcp +#transport=sip:127.0.0.1:6067;transport=tcp + +# Audio port to use for RTP and RTCP traffic. You can set a specific +# port, a range of ports or let the server ask the kernel for an +# available port (special value: 0). +# Examples: 'audio-port=0' or 'audio-port=12345' or 'audio-port=1024-65535' +# Default: 0 +#audio-port=0 + +# Video port to use for RTP and RTCP traffic. You can set a specific +# port, a range of ports or let the server ask the kernel for an +# available port (special value: 0). +# Examples: 'video-port=0' or 'video-port=12345' or 'video-port=1024-65535' +# Default: 0 +#video-port=0 + +# Value of User-Agent header. Use the following syntax: <name>[/<version>] +# where <version> can bet set to '{version}' that is a placeholder +# for the Flexisip version. +# It is also used by the module::B2bua to decide if requests should +# be forwarded to the B2BUA server or not. +# Default: Flexisip-B2BUA/{version} +#user-agent=Flexisip-B2BUA/{version} + +# Directory where to store server local files +# +# Default: /var/opt/belledonne-communications/flexisip/b2b +#data-directory=/var/opt/belledonne-communications/flexisip/b2b + +# The SIP proxy URI to which the server will send all outgoing requests. +# Default: sip:127.0.0.1:5060;transport=tcp +#outbound-proxy=sip:127.0.0.1:5060;transport=tcp + +# Duration after which the server will terminate a call if no RTP +# packets are received from the other call participant. For performance +# reasons, this parameter cannot be disabled. +# Default: 30 +# Default unit: second +#no-rtp-timeout=30 + +# The server will terminate any bridged call that has been running +# for longer than this amount of time. +# Set to 0 to disable and let calls run unbounded. +# Default: 0 +# Default unit: second +#max-call-duration=0 + +# Force outgoing video call to use the specified codec. Leave empty +# to disable this feature. +# Warning: all outgoing calls will only list this codec, which means +# incoming calls must use it too. +# Default: +#video-codec= + +# The server shall use a separate connection (port) for each (external) +# account it manages. +# This can be used to work around DoS protection and rate-limiting +# systems on external proxies. +# Default: false +#one-connection-per-account=false + + + + + + +## +## External SIP Provider Bridge parameters. +## +[b2bua-server::sip-bridge] + +# Path to a file containing the accounts to use for external SIP +# bridging, organised by provider, in JSON format. +# Here is a template of what should be in this file: +# { +# "schemaVersion": 2, +# "providers": [ +# { +# "name": "<user-friendly provider name for CLI output>", +# "accountPool": "<name of an account pool described below>", +# "triggerCondition": { +# "strategy": "<MatchRegex|Always>" +# "pattern": "<MatchRegexParam: regex>" +# }, +# "accountToUse": { +# "strategy": "FindInPool|Random", +# "by": "<FindInPoolParam: alias|uri>", +# "source": "<FindInPoolParam: {from}|{to}|{sip:{incoming.to.user}@{account.sipIdentity.hostport}{incoming.to.uriParameters}}>" +# }, +# "onAccountNotFound": "nextProvider|decline", +# "outgoingInvite": { +# "to": "<{account.alias}|sip:{incoming.to.user}@{account.sipIdentity.hostport}{incoming.to.uriParameters}>", +# "from": "<optional: {account.sipIdentity}|{sip:{incoming.from.user}@{account.sipIdentity.hostport}{incoming.from.uriParameters}>", +# "outboundProxy": "<optional: sip:flexisip.example.org;transport=tcp>", +# "enableAvpf": <optional: true|false>, +# "mediaEncryption": "<optional: zrtp|sdes|dtls-srtp|none>" +# } +# } +# ], +# "accountPools": { +# "<name of account pool>": { +# "outboundProxy": "<sip:some.provider.example.com;transport=tls>", +# "registrationRequired": <true,false>, +# "registrationThrottlingRateMs": <optional: number>, +# "unregisterOnServerShutdown": <optional: true|false>, +# "maxCallsPerLine": <number>, +# "loader": { +# "dbBackend": "<mysql|sqlite3>", +# "initQuery": "<SQL query>" +# "updateQuery": "<SQL query>", +# "connection": "<db=sip_accounts user='flexisip-b2bua' password='secret' +# host=db.example.org>" +# } +# }, +# "<name of another account pool>": { +# "outboundProxy": "<sip:some.provider.example.com;transport=tls>", +# "registrationRequired": <true,false>, +# "registrationThrottlingRateMs": <optional: number>, +# "unregisterOnServerShutdown": <optional: true|false>, +# "maxCallsPerLine": <number>, +# "loader": [ +# { +# "uri": "<sip:account1@some.provider.example.com>", +# "userid": "<optional: (e.g. an API key)>" +# "secretType": "<registrationRequiredParam: ha1|clrtxt>", +# "secret": "<registrationRequiredParam: password or API token>" +# "realm": "<optional: realm.some.provider.example.com>" +# "alias": "<optional: sip:anotherAccount1@some.provider.example.com> +# "outboundProxy": "<optional: sip:another.providerOverridingPreviousOne.example.com;transport=tls>", +# } +# ] +# } +# } +# } +# Full documentation is available here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Back-to-back%20User%20Agent%20%28b2bua%29/SIP%20Bridge/#sip-bridge +# +# Default: example-path.json +#providers=example-path.json + + + + + + +## +## Encryption transcoder bridge parameters. +## +[b2bua-server::trenscrypter] + +# Select the call outgoing encryption mode, this is a list of regular +# expressions and encryption mode. +# Valid encryption modes are: zrtp, dtls-srtp, sdes, none. +# +# The list is formatted in the following mode: +# mode1 regex1 mode2 regex2 ... moden regexn +# regex use posix syntax, any invalid one is skipped +# Each regex is applied, in the given order, on the callee sip uri(including +# parameters if any). First match found determines the encryption +# mode. if no regex matches, the incoming call encryption mode is +# used. +# +# Example: zrtp .*@sip\.secure-example\.org dtsl-srtp .*dtls@sip\.example\.org +# zrtp .*zrtp@sip\.example\.org sdes .*@sip\.example\.org +# In this example: the address is matched in order with +# .*@sip\.secure-example\.org so any call directed to an address +# on domain sip.secure-example-org uses zrtp encryption mode +# .*dtls@sip\.example\.org any call on sip.example.org to a username +# ending with dtls uses dtls-srtp encryption mode +# .*zrtp@sip\.example\.org any call on sip.example.org to a username +# ending with zrtp uses zrtp encryption mode +# The previous example will fail to match if the call is directed +# to a specific device(having a GRUU as callee address) +# To ignore sip URI parameters, use (;.*)? at the end of the regex. +# Example: .*@sip\.secure-example\.org(;.*)? +# Default:Selected encryption mode(if any) is enforced and the call +# will fail if the callee does not support this mode +# Default: +#outgoing-enc-regex= + +# Outgoing SRTP crypto suite in SDES encryption mode: +# Select the call outgoing SRTP crypto suite when outgoing encryption +# mode is SDES, this is a list of regular expressions and crypto +# suites list. +# Valid srtp crypto suites are : +# AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 +# AES_192_CM_HMAC_SHA1_80, AES_192_CM_HMAC_SHA1_32 // currently +# not supported +# AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_80 +# AEAD_AES_128_GCM, AEAD_AES_256_GCM +# +# The list is formatted in the following mode: +# cryptoSuiteList1 regex1 cryptoSuiteList2 regex2 ... crytoSuiteListn +# regexn +# with cryptoSuiteList being a ; separated list of crypto suites. +# +# Regex use posix syntax, any invalid one is skipped +# Each regex is applied, in the given order, on the callee sip uri(including +# parameters if any). First match found determines the crypto suite +# list used. +# +# if no regex matches, core setting is applied +# or default to AES_CM_128_HMAC_SHA1_80;AES_CM_128_HMAC_SHA1_32;AES_256_CM_HMAC_SHA1_80;AES_256_CM_HMAC_SHA1_32 +# when no core setting is available +# +# Example: +# AES_256_CM_HMAC_SHA1_80;AES_256_CM_HMAC_SHA1_32 .*@sip\.secure-example\.org +# AES_CM_128_HMAC_SHA1_80 .*@sip\.example\.org +# +# In this example: the address is matched in order with +# .*@sip\.secure-example\.org so any call directed to an address +# on domain sip.secure-example-org uses AES_256_CM_HMAC_SHA1_80;AES_256_CM_HMAC_SHA1_32 +# suites (in that order) +# .*@sip\.example\.org any call directed to an address on domain +# sip.example.org use AES_CM_128_HMAC_SHA1_80 suite +# The previous example will fail to match if the call is directed +# to a specific device(having a GRUU as callee address) +# To ignore sip URI parameters, use (;.*)? at the end of the regex. +# Example: .*@sip\.secure-example\.org(;.*)? +# Default: +# Default: +#outgoing-srtp-regex= + + + + + + +## +## Ban users when they send too much packets within a given timeframe. +## Execute "iptables -L" to see the list of currently banned IPs/ports. +## +[module::DoSProtection] + +# Indicate whether the module is activated. +# Default: true +enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# Time to consider to compute the packet rate +# Default: 3000 +# Default unit: millisecond +#time-period=3000 + +# Maximum packet rate in packets/seconds, averaged over [time-period] +# millisecond(s) to consider it as a DoS attack. +# Default: 20 +#packet-rate-limit=20 + +# Time duration for which an ip/port is banned. +# Default: 2 +# Default unit: minute +#ban-time=2 + +# Name of the chain the server will create to store banned IPs +# Default: FLEXISIP +#iptables-chain=FLEXISIP + +# List of IP addresses or hostnames for which no DoS protection +# is applied. This is typically for trusted servers from which it +# is planned to receive high traffic. Please note that nodes from +# the local Flexisip cluster (see [cluster] section) are automatically +# added to the white list, as well as 127.0.0.1 and ::1. +# Example: +# white-list=sip.example.org sip.linphone.org 15.128.128.93 +# Default: +#white-list= + + + + + + +## +## The SanitChecker module checks that required fields of a SIP message +## are present to avoid unecessary checking while processing message +## further. +## If the message doesn't meet these sanity check criterias, then +## it is stopped and bad request response is sent. +## +[module::SanityChecker] + +# Indicate whether the module is activated. +# Default: true +#enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + + + + + + +## +## The GarbageIn module collects incoming garbage and prevent any +## further processing. +## +[module::GarbageIn] + +# Indicate whether the module is activated. +# Default: false +#enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: false +#filter=false + + + + + + +## +## Enable this module in order the proxy replies to OPTION requests +## by “200 Ok”. Today, no supported header is added in the response, +## so this mechanism cannot be used for capabilities introspection. +## If the module is disabled, the request will be silently discarded. +## +[module::Capabilities] + +# Indicate whether the module is activated. +# Default: true +#enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + + + + + + +## +## The NatHelper module executes small tasks to make SIP work smoothly +## despite firewalls and NATs. There are two strategies available: +## "contact-correction" and "flow-token". +## Contact-Correction: corrects Contact headers that contain obviously +## inconsistent addresses. +## Flow-Token: add routing information in the Record-Routes as defined +## in RFC 5626. +## Both methods ensure that subsequent requests are correctly routed +## by the proxy through the same UDP or TCP channel used for the +## initial request. +## +[module::NatHelper] + +# Indicate whether the module is activated. +# Default: true +#enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# Strategy to manage client-initiated connections when SIP messages +# are routed through NATs. You can choose between "contact-correction" +# and "flow-token". +# Default: contact-correction +#nat-traversal-strategy=contact-correction + +# Boolean expression in order to force the use of flow-token under +# specific conditions. This expression is only evaluated if the +# "flow-token" strategy is used. +# +# Default: user-agent contains 'Linphone' +#force-flow-token=user-agent contains 'Linphone' + +# Path to the file containing the hash key used to hash flow tokens. +# Default: /var/opt/belledonne-communications/lib/flexisip/flow-token-hash-key +#flow-token-path=/var/opt/belledonne-communications/lib/flexisip/flow-token-hash-key + +# Internal URI parameter added to response contact by first proxy +# and cleaned by last one. It indicates if the contact was already +# verified and corrected. +# Default: verified +#contact-correction-param=verified + +# Fix record-routes, to workaround proxies behind firewalls but +# not aware of it. +# Default: false +#fix-record-routes=false + +# Policy to recognize NATed record-route and fix them. There are +# two modes: 'safe' and 'always' +# Default: safe +#fix-record-routes-policy=safe + + + + + + +## +## The authentication module challenges and authenticates SIP requests +## using two possible methods: +## * if the request is received via a TLS transport and 'require-peer-certificate' +## is set in transport definition in [Global] section for this transport, +## then the From header of the request is matched with the CN claimed +## by the client certificate. The CN must contain sip:user@domain +## or alternate name with URI=sip:user@domain corresponding to the +## URI in the from header for the request to be accepted. Optionnaly, +## the property tls-client-certificate-required-subject may contain +## a regular expression for additional checks to execute on certificate +## subjects. +## * if no TLS client based authentication can be performed, or +## has failed, then a SIP digest authentication is performed. The +## password verification is made by querying a database or a password +## file on disk. +## +[module::Authentication] + +# Indicate whether the module is activated. +# Default: false +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# List of whitespace-separated IP addresses which will be judged +# as trustful. Messages coming from these addresses won't be challenged. +# Default: +#trusted-hosts= + +# List of whitespace separated domains to challenge. Others are +# automatically denied. The wildcard domain '*' is accepted, which +# means that requests are challenged whatever the originating domain +# is. This is convenient for a proxy serving multiple SIP domains. +# +# Default: localhost +auth-domains=<%= @flexisip_domain %> + +# List of digest algorithms to use for password hashing. Think this +# setting as filter applied after fetching the credentials of a +# user from the user database. For example, if a user has its password +# hashed by MD5 and SHA-256 but 'available-algorithms' only has +# MD5, then only a MD5-based challenged will be submitted to the +# UAC. +# Furthermore, should a user have several hashed passwords and these +# are present in the list, then a challenge header will be put in +# the 401 response for each fetched password in the order given +# by the list. +# Supported algorithms are MD5 and SHA-256. +# Default: MD5 +#available-algorithms=MD5 + +# Disable the QOP authentication method. Default is to use it, use +# this flag to disable it if needed. +# Default: false +#disable-qop-auth=false + +# Don't reply 403 when authentication fails. Instead, generate a +# new 401 (or 407) response containing a new challenge. +# Default: false +#no-403=false + +# Expiration time before generating a new nonce. +# Default: 3600 +# Default unit: second +#nonce-expires=3600 + +# The realm to use for digest authentication. It will used whatever +# the domain of the From-URI. +# If the value starts with 'regex:', then this parameter will have +# the same effect than 'realm-regex', using all the remaining string +# as regular expression. +# WARNING: this parameter is exclusive with 'realm-regex' +# +# Examples: +# realm=sip.example.org +# realm=regex:sip:.*@sip\.(.*)\.com +# +# Default: +#realm= + +# Extraction regex applied on the URI of the 'from' header (or P-Preferred-Identity +# header if present) in order to extract the realm. The realm is +# found out by getting the first slice of the URI that matches the +# regular expression. If it has one or more capturing parentheses, +# the content of the first one is used as realm. +# If no regex is specified, then the realm will be the domain part +# of the URI. +# +# For instance, given auth-domains=sip.example.com, you might use +# 'sip:.*@sip\.(.*)\.com' in order to use 'example' as realm. +# +# WARNING: this parameter is exclusive with 'realm' +# Default: +#realm-regex= + +# If set to true, the module will simply reject with "403 forbidden" +# any request coming from clients which have presented a bad TLS +# certificate (regardless of reason: improper signature, unmatched +# subjects). Otherwise, the module will fallback to a digest authentication. +# This policy applies only for transports configured which have +# 'required-peer-certificate=1' parameter; indeed no certificate +# is requested to the client otherwise. +# Default: false +#reject-wrong-client-certificates=false + +# An optional regular expression used to accept or deny a request +# basing on subject fields of the client certificate. The request +# is allowed if one of the subjects matches the regular expression. +# The list of subjects to check is built by extracting the following +# fields, in order: +# subjectAltNames.DNS, subjectAltNames.URI, subjectAltNames.IP +# and CN +# Default: +#tls-client-certificate-required-subject= + +# Accept requests which the client certificate enables to trust +# the domaine of its Request-URI. +# Default: false +#trust-domain-certificates=false + +# When receiving a proxy authenticate challenge, generate a new +# challenge for this proxy. +# Default: false +#new-auth-on-407=false + +# Database backend implementation for digest authentication [soci,file]. +# Default: file +db-implementation=file + +# Duration of the validity of the credentials added to the cache. +# Default: 1800 +# Default unit: second +#cache-expire=1800 + +# Path of the file in which user credentials are stored. +# The file must start with 'version:1' as the first line, and then +# contains lines in the form of: +# user@domain clrtxt:clear-text-password md5:md5-password sha256:sha256-password +# ; +# For example: +# bellesip@sip.linphone.org clrtxt:secret ; +# bellesip@sip.linphone.org md5:97ffb1c6af18e5687bf26cdf35e45d30 +# ; +# bellesip@sip.linphone.org clrtxt:secret md5:97ffb1c6af18e5687bf26cdf35e45d30 +# sha256:d7580069de562f5c7fd932cc986472669122da91a0f72f30ef1b20ad6e4f61a3 +# ; +# Default: +file-path=/etc/flexisip/users.db.txt + +# Choose the type of backend that Soci will use for the connection. +# Depending on your Soci package and the modules you installed, +# this could be 'mysql', 'oracle', 'postgresql' or something else. +# Default: mysql +#soci-backend=mysql + +# The configuration parameters of the Soci backend. +# The basic format is "key=value key2=value2". For a mysql backend, +# this is a valid config: "db=mydb user=user password='pass' host=myhost.com". +# Please refer to the Soci documentation of your backend, for intance: +# http://soci.sourceforge.net/doc/release/4.0/backends/mysql/ +# Default: db=mydb user=myuser password='mypass' host=myhost.com +#soci-connection-string=db=mydb user=myuser password='mypass' host=myhost.com + +# Soci SQL request used to obtain the password of a given user. +# Each keywords starting with ':' character will be replaced by +# strings extracted from the SIP request to authenticate. +# +# Only these keywords are supported: - ':id' : the user found +# in the from header (mandatory) +# - ':domain' : the authorization realm +# - ':authid' : the authorization username +# +# The request MUST returns a two-columns table, which columns are +# defined as follow: +# - 1st column: hashed password of the user or plain password if +# the associated algorithm is CLRTXT. +# - 2nd column: the algorithm used to hash the associated password. +# Supported values: 'CLRTXT', 'MD5', 'SHA-256' +# +# Examples: +# - the password and algorithm are both available in the database +# select password, algorithm from accounts where login = :id and +# domain = :domain +# +# - all the passwords from the database are MD5 +# select password, 'MD5' from accounts where login = :id and domain +# = :domain +# Default: select password, 'MD5' from accounts where login = :id and domain = :domain +#soci-password-request=select password, 'MD5' from accounts where login = :id and domain = :domain + +# Amount of queries that will be allowed to be queued before bailing +# password requests. +# This value should be chosen accordingly with 'soci-poolsize', +# so that you have a coherent behavior. +# This limit is here mainly as a safeguard against out-of-control +# growth of the queue in the event of a flood or big delays in the +# database backend. +# Default: 1000 +#soci-max-queue-size=1000 + +# Size of the pool of connections that Soci will use. A thread is +# opened for each DB query, and this pool will allow each thread +# to get a connection. +# The threads are blocked until a connection is released back to +# the pool, so increasing the pool size will allow more connections +# to occur simultaneously. +# On the other hand, you should not keep too many open connections +# to your DB at the same time. +# Default: 100 +#soci-poolsize=100 + + + + + + +## +## This module redirect sip requests with a 302 move temporarily. +## +[module::Redirect] + +# Indicate whether the module is activated. +# Default: false +#enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# A contact where to redirect requests. ex: <sip:127.0.0.1:5065>;expires=100 +# Default: +#contact= + + + + + + +## +## This module is in charge of routing 'reg' event SUBSCRIBE requests +## to the flexisip-regevent server. +## +[module::RegEvent] + +# Indicate whether the module is activated. +# Default: false +#enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# A sip uri where to send all the reg-event related requests. +# Default: sip:127.0.0.1:6065;transport=tcp +#regevent-server=sip:127.0.0.1:6065;transport=tcp + + + + + + +## +## This module is in charge of intercepting requests and routing +## them to the back-to-back user agent server. +## Requests filtering is based on the "User-Agent" header value, +## thus 'b2bua-server/user-agent' values must match both on Proxy +## and B2BUA servers. +## +[module::B2bua] + +# Indicate whether the module is activated. +# Default: false +#enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# A sip uri where to send all the relevant requests. +# Default: sip:127.0.0.1:6067;transport=tcp +#b2bua-server=sip:127.0.0.1:6067;transport=tcp + + + + + + +## +## This module transfers SIP presence messages, like subscribe/notify/publish +## to a presence server. +## +[module::Presence] + +# Indicate whether the module is activated. +# Default: false +#enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: is_request && (request.method-name == 'PUBLISH' || request.method-name == 'NOTIFY' || request.method-name == 'SUBSCRIBE') +#filter=is_request && (request.method-name == 'PUBLISH' || request.method-name == 'NOTIFY' || request.method-name == 'SUBSCRIBE') + +# A SIP URI where to send all presence related requests. +# Default: sip:127.0.0.1:5065;transport=tcp +#presence-server=sip:127.0.0.1:5065;transport=tcp + +# If true, only manage list subscription. +# Default: false +#only-list-subscription=false + +# When getting the list of users with phones, if this setting is +# enabled, it will limit the results to the ones that have the same +# domain. +# Default: false +#check-domain-in-presence-results=false + + + + + + +## +## The Registrar module handles REGISTER requests for domains it +## is in charge of. It stores the address of record (AOR) in order +## to allow routing requests intended to the client who registered. +## REGISTER requests for other domains are simply ignored and transferred +## to the next module. +## +[module::Registrar] + +# Indicate whether the module is activated. +# Default: true +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# List of whitespace separated domain names which the registar is +# in charge of. It can eventually be the '*' (wildcard) in order +# to match any domain name. +# Default: localhost +reg-domains=<%= @flexisip_domain %> + +# Register users based on response obtained from a back-end server. +# This mode is for using flexisip as a front-end server to hold +# client connections but registeracceptance is deferred to backend +# server to which the REGISTER is routed. +# Default: false +#reg-on-response=false + +# Maximum number of registered contacts per address of record. +# Default: 12 +#max-contacts-by-aor=12 + +# Limits the number of authorized "Contact:" headers in a REGISTER +# request. If the number of "Contact:" headers exceeds this limit, +# the request is rejected. +# Default: 12 +#max-contacts-per-registration=12 + +# List of contact URI parameters that can be used to identify a +# user's device. The contact parameters are searched in the order +# of the list, the first matching parameter is used and the others +# ignored. +# Default: +sip.instance pn-tok line +#unique-id-parameters=+sip.instance pn-tok line + +# When supported by the client, assign a pub-gruu address to the +# client, returned in the response. +# Default: true +#enable-gruu=true + +# Maximum expiry value for a REGISTER. +# Default: 86400 +# Default unit: second +#max-expires=86400 + +# Minimum expiry value for a REGISTER. +# Default: 60 +# Default unit: second +#min-expires=60 + +# Default expiry value to be used if no value has been found in +# the request headers or in 'Contact' header parameters. +# Default: 10min +# Default unit: millisecond +#default-expires=10min + +# Set a value that will override expiry values indicated in a 'REGISTER' +# request. A null or negative value disables this feature. If enabled, +# 'max-expires', 'min-expires' and 'default-expires' will not have +# any effect. +# Default: 0 +# Default unit: second +#force-expires=0 + +# File containing the static records to add to database on startup. +# Format: one 'sip_uri contact_header' by line. Example: +# <sip:contact@domain> <sip:127.0.0.1:5460>,<sip:192.168.0.1:5160> +# Default: +#static-records-file= + +# Timeout after which the static records file is re-read and the +# contacts updated. +# Default: 600 +# Default unit: second +#static-records-timeout=600 + +# Implementation used for storing the contact URIs of each address +# of record. Two backends are available: +# - redis : contacts are stored in a Redis database, which allows +# persistent and shared storage accross multiple Flexisip instances. +# - internal : contacts are stored in RAM. Of course, if flexisip +# is restarted, all the contact URIs are lost until clients update +# their registration. +# The redis backend is recommended, the internal being more adapted +# to very small deployments. +# Default: internal +db-implementation=internal + +# Hostname or address of the Redis server. +# Default: localhost +#redis-server-domain=localhost + +# Port of the Redis server. +# Default: 6379 +#redis-server-port=6379 + +# ACL username used to authenticate on Redis. Empty to disable. +# Setting this but not `redis-auth-password` is a misconfiguration, +# and will be ignored. +# Default: +#redis-auth-user= + +# Authentication password for Redis. Empty to disable. If set but +# `redis-auth-user` is left unset or empty, Flexisip will attempt +# to register in legacy mode. +# Default: +#redis-auth-password= + +# When Redis is configured in master-slave, Flexisip will periodically +# ask which Redis instances are the slaves and the master. This +# is the period at which it will query the server. It will then +# determine whether it is connected to the master, and if not, will +# terminate the connection and migrate to the master. +# Note: This requires that all Redis instances have the same password. +# Otherwise authentication will fail. +# Default: 60 +# Default unit: second +#redis-slave-check-period=60 + +# Tell if Flexisip should try to connect to Redis slaves if master +# went down. Can be disabled if slaves hostname info are on private +# network for example. +# Default: true +#redis-use-slaves-as-backup=true + +# The frequency of activation of the subscription session keep alive +# mechanism. Flexisip will periodically ping Redis subscription +# session. It will then determine whether it is connected, and if +# not, will try to reconnect. +# Default: 60 +# Default unit: second +#redis-subscription-keep-alive-check-period=60 + +# Sequence of proxies (space-separated) where requests will be redirected +# through (RFC3608) +# Default: +#service-route= + +# Name of the custom Contact header parameter which is to indicate +# the expire time for chat message delivery. +# Default: message-expires +#message-expires-param-name=message-expires + +# If not zero, the expire time put in the 200 OK response won't +# be the one required by the user agent, but will be slightly modified +# by subtracting a random value. The value given by this parameter +# is the maximum percentage of the initial expire that can be subtracted. +# If zero, no randomization is applied. Value must be in [0, 100]. +# Default: 0 +#register-expire-randomizer-max=0 + + + + + + +## +## The purpose of the StatisticsCollector module is to collect call +## statistics (RFC 6035) and store them on the server. +## +[module::StatisticsCollector] + +# Indicate whether the module is activated. +# Default: false +#enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: is_request && request.method-name == 'PUBLISH' +#filter=is_request && request.method-name == 'PUBLISH' + +# SIP URI of the statistics collector. Note that application/vq-rtcpxr +# messages for this address will be deleted by this module and thus +# not be delivered. +# Default: +#collector-address= + + + + + + +## +## The Router module routes requests for domains it manages. +## The routing algorithm is as follows: +## - first skip route headers that directly point to this proxy. +## - if a route header is found that doesn't point to this proxy, +## then the request is not processed by the Router module, and will +## be handled by the Forward module at the end of the processing +## chain. +## - examine the request-uri: if it is part of the domains managed +## by this proxy (according to Registrar module 'reg-domains' definition, +## then attempt to resolve the request-uri from the Registrar database. +## - the results from the registrar database, in the form of contact +## headers, are sorted by priority (q parameter), if any. +## - for each set of contact with equal priorities, the request +## is forked, and sent to their corresponding sip URI. After a timeout +## defined by property 'call-fork-current-branches-timeout', a next +## set of contact header is determined. +## - responses are received from all attempted branches, and sent +## back to the request originator, according to the procedure of +## RFC3261 16.7 Response processing. +## The router module offers different variations of the routing logic, +## depending on whether it is an INVITE, a MESSAGE, or another type +## of request. The processing of MESSAGE request essentially differs +## from others because it allows to keep the MESSAGE for a later +## delivery, in which case the incoming transaction will be terminated +## with a 202 Accepted response. +## +[module::Router] + +# Indicate whether the module is activated. +# Default: true +#enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# Store and retrieve contacts without using the domain. +# Default: false +#use-global-domain=false + +# Fork invites to late registers. +# Default: false +#fork-late=false + +# All the forked have to decline in order to decline the caller +# invite. +# Default: false +#fork-no-global-decline=false + +# Treat 603 Declined answers as urgent. Only relevant if fork-no-global-decline +# is set to true. +# Default: false +#treat-decline-as-urgent=false + +# During a fork procedure, treat all failure response as urgent. +# Default: false +#treat-all-as-urgent=false + +# Maximum time for a call fork to try to reach a callee. +# Default: 90 +# Default unit: second +#call-fork-timeout=90 + +# Maximum time before delivering urgent responses during a call +# fork. The typical fork process requires to wait the best response +# from all branches before transmitting it to the client. However +# some error responses are retryable immediately (like 415 unsupported +# media, 401, 407) thus it is painful for the client to need to +# wait the end of the transaction time (32 seconds) for these error +# codes. +# Default: 5 +# Default unit: second +#call-fork-urgent-timeout=5 + +# Maximum time before trying the next set of lower priority contacts. +# Default: 10 +# Default unit: second +#call-fork-current-branches-timeout=10 + +# Fork MESSAGE requests to client registering lately. +# Default: true +#message-fork-late=true + +# Maximum duration for delivering a MESSAGE request. This property +# applies only if message-fork-late is 'true'; otherwise, the duration +# can't exceed the normal transaction duration. +# Default: 604800 +# Default unit: second +#message-delivery-timeout=604800 + +# Maximum duration for accepting a MESSAGE request if no response +# is received from any recipients. This property is meaningful when +# message-fork-late is set to true. +# Default: 5 +# Default unit: second +#message-accept-timeout=5 + +# If 'true', the message that are waiting for delivery will be stored +# in database instead of memory. +# Default: false +#message-database-enabled=false + +# Choose the type of backend that Soci will use for the connection. +# Depending on your Soci package and the modules you installed, +# the supported databases are:`mysql` (and `sqlite3` soon) +# Default: mysql +#message-database-backend=mysql + +# The configuration parameters of the backend. The basic format +# is "key=value key2=value2". For a mysql backend, this is a valid +# config: "db=mydb user=user password='pass' host=myhost.com". Please +# refer to the Soci documentation of your backend, for instance: +# http://soci.sourceforge.net/doc/master/backends/#supported-backends-and-features +# Default: db='mydb' user='myuser' password='mypass' host='myhost.com' +#message-database-connection-string=db='mydb' user='myuser' password='mypass' host='myhost.com' + +# Size of the pool of connections that Soci will use for accessing +# the message database. +# Default: 100 +#message-database-pool-size=100 + +# Default route to apply when the recipient is unreachable or when +# when all attempted destination have failed.It is given as a SIP +# URI, for example: sip:example.org;transport=tcp (without surrounding +# brackets) +# Default: +#fallback-route= + +# During a call forking, allow several INVITEs going to the same +# next hop to be grouped into a single one. A proprietary custom +# header 'X-target-uris' is added to the INVITE to indicate the +# final targets of the INVITE. +# Default: false +#allow-target-factorization=false + +# Whether the proxy is allowed to generate and send provisional +# responses during a call forking process. A typical example for +# this is the '110 Push sent' emitted by the proxy when at least +# one push notification has been sent to a target UA while routing +# an INVITE. Some old versions of Linphone (below linphone-sdk 4.2) +# suffer from an issue when receiving such kind of provisional responses +# that don't come from a remote client. This setting is mainly intended +# to temporarily workaround this situation. +# Default: true +#permit-self-generated-provisional-response=true + +# Whether or not to resolve next hop in route header against registrar +# database. This is an extension to RFC3261, and should not be used +# unless in some specific deployment cases. A next hope in route +# header is otherwise resolved through standard DNS procedure by +# the Forward module. +# Default: false +#resolve-routes=false + +# Whether or not to fallback to the parent domain if there is no +# fallback route set and the recipient is unreachable. For example, +# if routing to sip:bob@a.b.com returns no result, route the request +# to b.com. This is also a non-standard behavior. +# Default: false +#parent-domain-fallback=false + +# Only use the fallback route if the expression is true. +# Default: true +#fallback-route-filter=true + +# Max time the proxy will retain a request in order to maintain +# order. +# Default: 30 +# Default unit: second +#max-request-retention-time=30 + +# List of sip addresses that are always added to the list of contacts +# fetched from the registrar database when routing INVITE and MESSAGE +# requests. +# Default: +#static-targets= + + + + + + +## +## The PushNotification module sends push notifications to mobile +## phone notification systems: apple, firebase (android), as well +## as generic HTTP GET/POST APIs (custom server to which actual sending +## of the notification is delegated). Push notifications are sent +## when an INVITE or MESSAGE request is not answered by thedestination +## of the request within a certain period of time (configurable hereunder +## by 'timeout' parameter). This module has an implicit dependency +## on the Router module, which is in charge of creating the incoming +## and outgoing transactions as well as the context associated with +## the request forking process. No push notification can be sent +## if the Router module is not enabled. The time-to-live (ttl) of +## the push notification depends on the type of event for which the +## push notification is sent: +## - If it is for a call (INVITE), ttl will be set equal to 'module::Router/call-fork-timeout', +## which corresponds to the maximum time for a call attempt. +## - If it is for an IM (MESSAGE or INVITE for a text session), +## ttl will be set equal to 'message-time-to-live'. +## +[module::PushNotification] + +# Indicate whether the module is activated. +# Default: false +#enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# Time to wait before sending a push notification to a device. +# A negative or zero value will cause the push notification to be +# sent immediately. This behavior is recommended as mobile devices +# do not have a permanent connection with Flexisip most of the time. +# Default: 0 +# Default unit: second +#timeout=0 + +# Time to live for the push notifications related to IM messages. +# The default value zero is interpreted as using the same value +# as for 'module::Router/message-delivery-timeout'. +# Default: 0 +# Default unit: second +#message-time-to-live=0 + +# Maximum number of push notifications queued for each push notification +# service. +# Default: 100 +#max-queue-size=100 + +# Number of push notification request retransmissions sent to a +# client for a same event (call or message). +# Retransmissions cease when a response is received from the client. +# The value zero disables retransmissions. +# Default: 0 +#retransmission-count=0 + +# Retransmission interval for push notification requests, when a +# 'retransmission-count' has been specified above. +# Default: 5 +# Default unit: second +#retransmission-interval=5 + +# Default interval between two subsequent push notifications when +# remote push notifications are used to notify a call invitation +# to a client that has not published any token for VoIP and background +# push notifications. +# In that case, several push notifications are sent subsequently +# until the call is picked up, declined or canceled. This parameter +# can be overridden by the client by using the 'pn-call-remote-push-interval' +# push parameter. +# A value of zero deactivates push notification repetitions and +# the sending of the final notification. Thus, only the first push +# notification will be sent. The value must be in [0;30]. +# Default: 0 +# Default unit: second +#call-remote-push-interval=0 + +# If true, the following key in the payload of the push request +# will be set: +# * 'from-uri': the SIP URI of the caller or the message sender. +# * 'display-name': the display name of the caller or the message +# sender. +# * 'loc-args': the display name if not empty or the SIP URI instead. +# +# If false, the keys will be set empty. +# Default: false +#display-from-uri=false + +# Enable push notification for Apple devices. +# Default: true +#apple=true + +# Path to directory where Apple Push Notification service certificates +# are located. +# The file names MUST bear the appid of the application, suffixed +# by the release mode and '.pem' extension. Examples: org.linphone.dev.pem, +# org.linphone.prod.pem, com.somephone.dev.pem, etc... The files +# MUST be '.pem' format, and made of certificates followed by the +# private key. +# This directory may also contain Voice Over IP certificates (certificates +# to use PushKit). They MUST bear the appid of the application, +# suffixed by the release mode and '.pem' extension, and made of +# certificate followed by the private key. Examples: org.linphone.voip.dev.pem, +# org.linphone.voip.prod.pem, com.somephone.voip.dev.pem, etc... +# Default: /etc/flexisip/apn +#apple-certificate-dir=/etc/flexisip/apn + +# Set the badge value to 0 for Apple push notifications. +# Default: false +#no-badge=false + +# Enable push notification for Android devices. +# Default: true +#firebase=true + +# List of pairs of <Firebase Project Number>:<Firebase Cloud Messaging +# API (Legacy) Server Key> for each Android project that supports +# push notifications. +# Default: +#firebase-projects-api-keys= + +# List of pairs of <Firebase Project Number>:<Path to service account +# json file> for each Android project that supports push notifications. +# Default: +#firebase-service-accounts= + +# Time to execute the access token refresh operation just before +# the current access token expires. This parameter is used to control +# overlapping access token lifetimes. +# Default: 300 +# Default unit: second +#firebase-token-expiration-anticipation-time=300 + +# Default interval to execute the access token refresh operation +# in the event that the access token has not been successfully obtained. +# Default: 60 +# Default unit: second +#firebase-default-refresh-interval=60 + +# Allows you to route push notification requests through a designated +# server instead of directly communicating with Apple and Google +# servers. +# Using this setup, the server sends an HTTP request to the specified +# server, embedding all required information within the URL. Various +# placeholders can be used within the HTTP request URI: +# +# - $type: Type of push notification, distinguishing between Apple +# ('apple') and Android ('firebase') notifications. +# - $token: Value of the 'pn-prid' push parameter. For Apple devices, +# 'pn-prid' may contain multiple tokens depending on the notification +# type ('remote' or 'voip'). In such cases, $token is replaced by +# the relevant token matching the notification type. +# - $api-key: Deprecated placeholder for the Firebase API key. +# It is advised that the designated server manages the authentication +# credentials. +# - $app-id: Application identifier. On Android, it matches the +# value of 'pn-param'. On Apple, it matches the string between the +# first and last dot ('.') of 'pn-param'. For example, if 'pn-param' +# is 'ABCD1234.org.my-app.remote&voip', $app-id becomes 'org.my-app'. +# - $from-name: Display name in the 'From' header of the triggering +# request for the push notification. Replaced by an empty string +# if 'display-from-uri' is false. +# - $from-uri: SIP URI in the 'From' header of the triggering request. +# Replaced by an empty string if 'display-from-uri' is false. +# - $from-tag: Tag of the 'From' header in the triggering request. +# - $to-uri: SIP URI in the 'To' header. +# - $call-id: Call-ID of the INVITE or MESSAGE request. +# - $event: Type of event that triggered the push notification +# ('call' for call invites, 'message' for message delivery or chatroom +# invitation). +# - $sound: For iOS only, if $event is 'call', it is the value +# of 'pn-call-snd' contact parameter; otherwise, it represents 'pn-msg-snd'. +# This allows customization of the push notification sound. If 'pn-call-snd' +# or 'pn-msg-snd' contact parameters were not set during user agent +# registration, the placeholder is replaced with 'empty'. +# - $msgid: For iOS only, replaced by respective contact parameter +# values ('pn-call-str', 'pn-msg-str', or 'pn-groupchat-str') if +# the triggering SIP message is a call invite, pending message, +# or groupchat invitation. If these parameters were not set during +# user agent registration, placeholders are replaced by 'IC_MSG', +# 'IM_MSG', or 'IG_MSG'. This allows customization of the push notification +# title. +# - $uid: UUID present in the '+sip.instance' parameter value when +# the recipient of the push notification registered to the registrar. +# +# Additionally, the text message content is included in the HTTP +# request body as text/plain if available. Example: http://292.168.0.2/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri +# Default: +#external-push-uri= + +# Method for reaching external-push-uri (typically GET or POST). +# Default: GET +#external-push-method=GET + +# Protocol used for reaching external-push-uri ('http2' or 'http' +# (deprecated)). +# Default: http2 +#external-push-protocol=http2 + +# Send service push notification periodically to all devices that +# are about to expire and should wake up to REGISTER back. The zero +# value disables this feature. Recommended value: 30 +# Default: 0 +# Default unit: minute +#register-wakeup-interval=0 + +# Start sending wake-up push notifications to contacts when they +# pass the provided percentage of their lifetime. The value MUST +# be in [0;100] +# Default: 50 +#register-wakeup-threshold=50 + + + + + + +## +## The MediaRelay module masquerades SDP message so that all RTP +## and RTCP streams go through the proxy. When the client has set +## ICE candidates in the SDP offer, then the MediaRelay module will +## automatically add ICE relay candidates. The RTP and RTCP streams +## are then routed so that each client receives the stream of the +## other. MediaRelay makes sure that RTP is ALWAYS established, even +## with uncooperative firewalls. +## +[module::MediaRelay] + +# Indicate whether the module is activated. +# Default: true +#enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# The name of the SDP attribute to set by the first proxy to forbid +# subsequent proxies to provide relay. Use 'disable' to disable. +# Default: nortpproxy +#nortpproxy=nortpproxy + +# The minimal value of SDP port range +# Default: 1024 +sdp-port-range-min=<%= @flexisip_sdp_port_range_min %> + +# The maximal value of SDP port range +# Default: 65535 +sdp-port-range-max=<%= @flexisip_sdp_port_range_max %> + +# Sends a ACK and BYE to 200Ok for INVITEs not belonging to any +# established call. This is to solve the race condition that happens +# when two callees answer the same call at the same time. According +# to RFC3261, the caller is expected to send an ACK followed by +# a BYE to the loser callee. This is not the case in RFC2543, where +# the proxy was supposed to do this. When set to true, the MediaRelay +# module will implement the RFC2543 behavior. Note that it may sound +# inappropriate to bundle this property with the media relay feature. +# However the MediaRelay module is the only one in Flexisip that +# has the visibility of SIP dialogs, which is necessary to implement +# this feature. +# Default: false +#bye-orphan-dialogs=false + +# Maximum concurrent calls processed by the media-relay. Calls arriving +# when the limit is exceed will be rejected. A value of 0 means +# no limit. +# Default: 0 +#max-calls=0 + +# When true, the 'c=' line and port number are set to the relay +# ip/port even if ICE candidates are present in the request, while +# the standard behavior is to leave the c= line and port number +# as they are in the original offer sent by the client. This variation +# allows callees that do not support ICE at all to benefit from +# the media relay service. +# Default: true +#force-relay-for-non-ice-targets=true + +# Prevent media-relay ports to loop between them, which can cause +# 100% cpu on the media relay thread. You need to set this property +# to false if you are running test calls from clients running on +# the same IP address as the flexisip server +# Default: true +#prevent-loops=true + +# In case multiples '183 Early media' responses are received for +# a call, only the first one will have RTP streams forwarded back +# to caller. This feature prevents the caller to receive 'mixed' +# streams, but it breaks scenarios where multiple servers play early +# media announcement in sequence. +# Default: true +#early-media-relay-single=true + +# Maximum number of relayed early media streams per call. This is +# useful to limit the cpu usage due to early media relaying on embedded +# systems. A value of 0 stands for unlimited. +# Default: 0 +#max-early-media-per-call=0 + +# Period of time after which a relayed call without any activity +# is considered as no longer running. Activity counts RTP/RTCP packets +# exchanged through the relay and SIP messages. +# Default: 3600 +# Default unit: second +#inactivity-period=3600 + +# Force the media relay to use the public address of Flexisip to +# relay calls. It not enabled, Flexisip will deduce a suitable IP +# address by basing on data from SIP messages, which could fail +# in tricky situations e.g. when Flexisip is behind a TCP proxy. +# Default: false +#force-public-ip-for-sdp-masquerading=false + + + + + + +## +## The purpose of the Transcoder module is to transparently transcode +## from one audio codec to another to make the communication possible +## between clients that do not share the same set of supported codecs. +## Concretely, it adds all missing codecs into the INVITEs it receives, +## and adds codecs matching the original INVITE into the 200Ok. Rtp +## ports and addresses are masqueraded so that the streams can be +## processed by the proxy. The transcoding job is done in the background +## by the Mediastreamer2 library, as consequence the set of supported +## codecs is exactly the the same as the codec set supported by Mediastreamer2, +## including the possible plugins you may installed to extend Mediastreamer2. +## +## WARNING: this module can conflict with the MediaRelay module as +## they are both changing the SDP. Make sure to configure them with +## different to-domains or from-domains filter if you want to enable +## both of them. +## +[module::Transcoder] + +# Indicate whether the module is activated. +# Default: false +#enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# Nominal size of RTP jitter buffer. A value of 0 means no jitter +# buffer (packet processing). +# Default: 0 +# Default unit: millisecond +#jb-nom-size=0 + +# Whitespace separated list of user-agent strings for which audio +# rate control is performed. +# Default: +#rc-user-agents= + +# Whitespace seprated list of audio codecs, in order of preference. +# The 'telephone-event' codec is necessary for inband DTMF processing. +# Default: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 telephone-event/8000 +#audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 telephone-event/8000 + +# Remove the bandwidth limitations from SDP offers and answers +# Default: false +#remove-bw-limits=false + +# If true, retransmissions of INVITEs will be blocked. The purpose +# of this option is to limit bandwidth usage and server load on +# reliable networks. +# Default: false +#block-retransmissions=false + + + + + + +## +## This module executes the basic routing task of SIP requests and +## pass them to the transport layer. It must always be enabled. +## +[module::Forward] + +# Indicate whether the module is activated. +# Default: true +#enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2'). You can consult the full filter +# documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# Default: +#filter= + +# A path to a configuration file describing routes to be prepended +# before forwarding a request, when specific conditions for the +# SIP request being forwarded are met. The condition is described +# using flexisip's filter syntax, as described on +# https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ +# The configuration file comprises lines using the following syntax: +# <sip route> <condition expressed as a filter expression> +# Comments are allowed with '#'. +# Conditions can spread over multiples lines provided that the continuation +# line starts with either spaces or tabs. +# The special condition '*' matches every request. +# The conditions are matched in the order they appear in the configuration +# file. The first fulfilled condition determines the route that +# is prepended.If the request does not match any condition, no route +# is prepended. +# The file may be empty, or no path may be specified, in which case +# no route is preprended either. Here is a an example of a valid +# routes configuration file: +# <sip:example.org;transport=tls> request.uri.domain == 'example.org' +# <sip:10.0.0.2:5070;transport=tcp> request.uri.params contains +# 'user=phone' +# +# Beware: that is not just a SIP URI, but a route. As a result, +# when the URI has parameters, brackets must enclose the URI, otherwise +# the parameters will be parsed as route parameters. +# Default: +#routes-config-path= + +# Add a path header of this proxy +# Default: true +#add-path=true + +# For SIP URIs, in asbsence of transport parameter, assume the given +# transport is to be used. Possible values are udp, tcp or tls. +# Default: udp +#default-transport=udp + +# List of URL and contact params to remove +# Default: pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout pn-silent pn-provider pn-prid pn-param +#params-to-remove=pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout pn-silent pn-provider pn-prid pn-param + + + + + + +## +## Inter domain connections is a set of feature allowing to dynamically +## connect several Flexisip servers together in order to manage SIP +## routing at local and global scope. Let's suppose you have two +## SIP network a.example.net and b.example.net run privately and +## independently (no one from a.example.net needs to call someone +## at b.example.net). However, when people from a and b are outside +## of their network, they register to a worldwide available Flexisip +## instance running on 'global.example.net'. It is then possible +## to: +## * have calls made within a.example.net routed locally and sent +## to global.example.net in order to reach users inside and outside +## of a's network. Example: 1@a.example.net calls 2@a.example.net. +## If 2 is registered on a.example.net then the call is routed locally. +## On the contrary if 2 is absent and registered, the call is then +## sent to global.example.net and then routed by the global proxy. +## * when global.example.net receives a call from a user not within +## its native network (ex: 1@a.example.net calls 2@a.example.net), +## it can route this call to the proxy that is responsible for managing +## the local domain (a.example.net). +## +## This system is dynamic: the physical IP address of a and b network +## can change (dynamic ip address allocation) +## .This scenario is achieved with two key features: +## * a.example.net sends a REGISTER to global.example.net to indicate +## that it is the responsible for the entire domain a.example.net. +## The global.example.net authenticates this REGISTER thanks to TLS +## client certificate presented by a.example.net. +## * global.example.net is configured to accept this domain registration +## and route all calls it receives directly and destinated to a.example.net +## domain through the connection established by a.example.net during +## the domain registration. +## +[inter-domain-connections] + +# Whether Flexisip shall accept registrations for entire domains +# Default: false +#accept-domain-registrations=false + +# Whether Flexisip shall assume that there is a unique server per +# registered domain, which allows to clean old registrations and +# simplifies the routing logic. +# Default: false +#assume-unique-domains=false + +# Path to a text file describing the domain registrations to make. +# This file must contains lines like: +# <local domain name> <SIP URI of proxy/registrar where to send +# the domain REGISTER> [password]> +# where: +# <local domain name> is a domain name managed locally by this +# proxy +# <SIP URI of proxy/registrar> is the SIP URI where the domain +# registration will be sent. The special uri parameter 'tls-certificates-dir' +# is understood in order to specify a TLS client certificate to +# present to the remote proxy. +# [password] is the password to use if the remote proxy/registrar +# requests a digest authentication. It is optional. +# If the file is absent or empty, no registrations are done.An +# example of such line is: +# belledonne.linphone.org <sips:sip.linphone.org;tls-certificates-dir=/etc/flexisip/client-cert> +# gghhiioozz +# Default: /etc/flexisip/domain-registrations.conf +#domain-registrations=/etc/flexisip/domain-registrations.conf + +# When submitting a domain registration to a server over TLS, verify +# the certificate presented by the server. Disabling this option +# is only for test, because it is a security flaw +# Default: true +#verify-server-certs=true + +# Interval for sending \r\n\r\n keepalives through the outgoing +# domain registration connection.A value of zero disables keepalives. +# Default: 30 +# Default unit: second +#keepalive-interval=30 + +# Delay after which TCP/TLS connections will be considered as broken +# if no CRLF pong has been received from the registrar. A delay +# of 0 means that no pong is expected after ping. The registrar +# must advertise the 'outbound' option tag in a Supported header +# for this detection to be active. +# Warning: This parameter must be strictly lower than “keepalive-interval”. +# Default: 0 +# Default unit: second +#ping-pong-timeout-delay=0 + +# Delay before creating a new connection after connection is known +# as broken. Set '0' in order the connection be recreated immediately. +# Default: 5 +# Default unit: second +#reconnection-delay=5 + +# Whether Flexisip shall only send a domain registration when a +# device is registered +# Default: false +#reg-when-needed=false + +# Route received REGISTER request to the server in charge of the +# domain, according to accepted domain registrations. This option +# is intended to be used with 'reg-on-response' mode of Registrar +# module, and 'accept-domain-registrations' enabled too.The 'reg-on-response' +# mode typically allows Flexisip to forward an incoming REGISTER +# to an upstream server, and record the client's contact address +# upon receiving the 200 Ok response from the upstream server. When +# 'relay-reg-to-domains' is enabled, the routing to the upstream +# server is performed according to the domain registrations received +# previously by flexisip, instead of usual DNS-based procedures. +# Default: false +#relay-reg-to-domains=false + +# regex to match domain names (host part of URL) for which the register +# requests should be routed to the upstream server.This option is +# intended to be used with 'relay-reg-to-domains' mode enabled. +# Default: +#relay-reg-to-domains-regex= + diff --git a/personal_infra/puppet/modules/freeswitch/manifests/init.pp b/personal_infra/puppet/modules/freeswitch/manifests/init.pp deleted file mode 100644 index 2323e832..00000000 --- a/personal_infra/puppet/modules/freeswitch/manifests/init.pp +++ /dev/null @@ -1,24 +0,0 @@ -class freeswitch($freeswitch_password, $freeswitch_address, $freeswitch_rtp_start_port, $freeswitch_rtp_end_port) { - package {'okay-release': - source => 'http://repo.okay.com.mx/centos/9/x86_64/release/okay-release-1-10.el9.noarch.rpm', - } - -> - package {['freeswitch-config-vanilla', 'freeswitch-systemd', 'freeswitch-sounds-en-us-callie-all']:} - -> - service {'freeswitch': - enable => true, - ensure => running, - } - - file {'/etc/freeswitch/vars.xml': - content => template('freeswitch/vars.xml'), - require => Package['freeswitch-config-vanilla'], - notify => Service['freeswitch'], - } - - file {'/etc/freeswitch/autoload_configs/switch.conf.xml': - content => template('freeswitch/switch.conf.xml'), - require => Package['freeswitch-config-vanilla'], - notify => Service['freeswitch'], - } -} diff --git a/personal_infra/puppet/modules/freeswitch/templates/switch.conf.xml b/personal_infra/puppet/modules/freeswitch/templates/switch.conf.xml deleted file mode 100644 index 36891f9b..00000000 --- a/personal_infra/puppet/modules/freeswitch/templates/switch.conf.xml +++ /dev/null @@ -1,208 +0,0 @@ -<configuration name="switch.conf" description="Core Configuration"> - - <cli-keybindings> - <key name="1" value="help"/> - <key name="2" value="status"/> - <key name="3" value="show channels"/> - <key name="4" value="show calls"/> - <key name="5" value="sofia status"/> - <key name="6" value="reloadxml"/> - <key name="7" value="console loglevel 0"/> - <key name="8" value="console loglevel 7"/> - <key name="9" value="sofia status profile internal"/> - <key name="10" value="sofia profile internal siptrace on"/> - <key name="11" value="sofia profile internal siptrace off"/> - <key name="12" value="version"/> - </cli-keybindings> - - <default-ptimes> - <!-- Set this to override the 20ms assumption of various codecs in the sdp with no ptime defined --> - <!-- <codec name="G729" ptime="40"/> --> - </default-ptimes> - - <settings> - <!-- Colorize the Console --> - <param name="colorize-console" value="true"/> - - <!--Include full timestamps in dialplan logs --> - <param name="dialplan-timestamps" value="false"/> - - <!-- Run the timer at 20ms by default and drop down as needed unless you set 1m-timer=true which was previous default --> - <!-- <param name="1ms-timer" value="true"/> --> - - <!-- - Set the Switch Name for HA environments. - When setting the switch name, it will override the system hostname for all DB and CURL requests - allowing cluster environments such as RHCS to have identical FreeSWITCH configurations but run - as different hostnames. - --> - <!-- <param name="switchname" value="freeswitch"/> --> - <!-- <param name="cpu-idle-smoothing-depth" value="30"/> --> - - - <!-- Maximum number of simultaneous DB handles open --> - <param name="max-db-handles" value="50"/> - <!-- Maximum number of seconds to wait for a new DB handle before failing --> - <param name="db-handle-timeout" value="10"/> - - <!-- Minimum idle CPU before refusing calls --> - <!-- <param name="min-idle-cpu" value="25"/> --> - - <!-- Interval between heartbeat events --> - <!-- <param name="event-heartbeat-interval" value="20"/> --> - - <!-- - Max number of sessions to allow at any given time. - - NOTICE: If you're driving 28 T1's in a single box you should set this to 644*2 or 1288 - this will ensure you're able to use the entire DS3 without a problem. Otherwise you'll - be 144 channels short of always filling that DS3 up which can translate into waste. - --> - <param name="max-sessions" value="1000"/> - <!--Most channels to create per second --> - <param name="sessions-per-second" value="30"/> - <!-- Default Global Log Level - value is one of debug,info,notice,warning,err,crit,alert --> - <param name="loglevel" value="debug"/> - - <!-- Set the core DEBUG level (0-10) --> - <!-- <param name="debug-level" value="10"/> --> - - <!-- SQL Buffer length within rage of 32k to 10m --> - <!-- <param name="sql-buffer-len" value="1m"/> --> - <!-- Maximum SQL Buffer length must be greater than sql-buffer-len --> - <!-- <param name="max-sql-buffer-len" value="2m"/> --> - - <!-- - The min-dtmf-duration specifies the minimum DTMF duration to use on - outgoing events. Events shorter than this will be increased in duration - to match min_dtmf_duration. You cannot configure a dtmf duration on a - profile that is less than this setting. You may increase this value, - but cannot set it lower than 400. This value cannot exceed - max-dtmf-duration. --> - <!-- <param name="min-dtmf-duration" value="400"/> --> - - <!-- - The max-dtmf-duration caps the playout of a DTMF event at the specified - duration. Events exceeding this duration will be truncated to this - duration. You cannot configure a duration on a profile that exceeds - this setting. This setting can be lowered, but cannot exceed 192000. - This setting cannot be set lower than min_dtmf_duration. --> - <!-- <param name="max-dtmf-duration" value="192000"/> --> - - <!-- - The default_dtmf_duration specifies the DTMF duration to use on - originated DTMF events or on events that are received without a - duration specified. This value can be increased or lowered. This - value is lower-bounded by min_dtmf_duration and upper-bounded by - max-dtmf-duration\. --> - <!-- <param name="default-dtmf-duration" value="2000"/> --> - - <!-- - If you want to send out voicemail notifications via Windows you'll need to change the mailer-app - variable to the setting below: - - <param name="mailer-app" value="msmtp"/> - - Do not change mailer-app-args. - You will also need to download a sendmail clone for Windows (msmtp). This version works without issue: - http://msmtp.sourceforge.net/index.html. Download and copy the .exe to %winddir%\system32. - You'll need to create a small config file for smtp credentials (host name, authentication, tls, etc.) in - %USERPROFILE%\Application Data\ called "msmtprc.txt". Below is a sample copy of this file: - - ################################### - # The SMTP server of the provider. - account provider - host smtp.myisp.com - from john@myisp.com - auth login - user johndoe - password mypassword - - # Set a default account - account default : provider - ################################### - - --> - - <param name="mailer-app" value="sendmail"/> - <param name="mailer-app-args" value="-t"/> - <param name="dump-cores" value="yes"/> - - <!-- Enable verbose channel events to include every detail about a channel on every event --> - <!-- <param name="verbose-channel-events" value="no"/> --> - - <!-- Enable clock nanosleep --> - <!-- <param name="enable-clock-nanosleep" value="true"/> --> - - <!-- Enable monotonic timing --> - <!-- <param name="enable-monotonic-timing" value="true"/> --> - - <!-- NEEDS DOCUMENTATION --> - <!-- <param name="enable-softtimer-timerfd" value="true"/> --> - <!-- <param name="enable-cond-yield" value="true"/> --> - <!-- <param name="enable-timer-matrix" value="true"/> --> - <!-- <param name="threaded-system-exec" value="true"/> --> - <!-- <param name="tipping-point" value="0"/> --> - <!-- <param name="timer-affinity" value="disabled"/> --> - <!-- NEEDS DOCUMENTATION --> - - <!-- RTP port range --> - <param name="rtp-start-port" value="<%= @freeswitch_rtp_start_port %>"/> - <param name="rtp-end-port" value="<%= @freeswitch_rtp_end_port %>"/> - - <!-- Test each port to make sure it is not in use by some other process before allocating it to RTP --> - <!-- <param name="rtp-port-usage-robustness" value="true"/> --> - - <param name="rtp-enable-zrtp" value="false"/> - - <!-- - Store encryption keys for secure media in channel variables and call CDRs. Default: false. - WARNING: If true, anyone with CDR access can decrypt secure media! - --> - <!-- <param name="rtp-retain-crypto-keys" value="true"/> --> - - <!-- - Native PostgreSQL support was removed from the FreeSWITCH Core! - ================================= - NOTICE: You MUST enable mod_pgsql - ================================= - According to https://www.postgresql.org/docs/9.6/libpq-connect.html#LIBPQ-CONNSTRING - There are two accepted formats for connection strings supported by the libpq library: - * For plain keyword = value strings use pgsql:// - pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=freeswitch password='' options='-c client_min_messages=NOTICE' - * For RFC 3986 URIs use postgresql:// or postgres:// - postgresql:// - postgresql://localhost - postgresql://localhost:5433 - postgresql://localhost/mydb - postgresql://user@localhost - postgresql://user:secret@localhost - postgresql://other@localhost/otherdb?connect_timeout=10&application_name=myapp - postgresql:///mydb?host=localhost&port=5433 - --> - <!-- <param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=freeswitch password='' options='-c client_min_messages=NOTICE'" /> --> - <!-- <param name="core-db-dsn" value="postgresql://freeswitch:@127.0.0.1/freeswitch?options=-c%20client_min_messages%3DNOTICE" /> --> - <!-- <param name="core-db-dsn" value="mariadb://Server=localhost;Database=freeswitch;Uid=freeswitch;Pwd=pass;" /> --> - <!-- <param name="core-db-dsn" value="dsn:username:password" /> --> - <!-- - Allow to specify the sqlite db at a different location (In this example, move it to ramdrive for - better performance on most linux distro (note, you loose the data if you reboot)) - --> - <!-- <param name="core-db-name" value="/dev/shm/core.db" /> --> - - <!-- The system will create all the db schemas automatically, set this to false to avoid this behaviour --> - <!-- <param name="auto-create-schemas" value="true"/> --> - <!-- <param name="auto-clear-sql" value="true"/> --> - <!-- <param name="enable-early-hangup" value="true"/> --> - - <!-- <param name="core-dbtype" value="MSSQL"/> --> - - <!-- Allow multiple registrations to the same account in the central registration table --> - <!-- <param name="multiple-registrations" value="true"/> --> - - <!-- <param name="max-audio-channels" value="2"/> --> - - </settings> - -</configuration> - diff --git a/personal_infra/puppet/modules/freeswitch/templates/vars.xml b/personal_infra/puppet/modules/freeswitch/templates/vars.xml deleted file mode 100644 index 850c0a17..00000000 --- a/personal_infra/puppet/modules/freeswitch/templates/vars.xml +++ /dev/null @@ -1,448 +0,0 @@ -<include> - <!-- Preprocessor Variables - These are introduced when configuration strings must be consistent across modules. - NOTICE: YOU CAN NOT COMMENT OUT AN X-PRE-PROCESS line, Remove the line instead. - - WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - - YOU SHOULD CHANGE THIS default_password value if you don't want to be subject to any - toll fraud in the future. It's your responsibility to secure your own system. - - This default config is used to demonstrate the feature set of FreeSWITCH. - - WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - --> - <X-PRE-PROCESS cmd="set" data="default_password=<%= @freeswitch_password %>"/> - <!-- Did you change it yet? --> - <!-- - The following variables are set dynamically - calculated if possible by freeswitch - and - are available to the config as $${variable}. You can see their calculated value via fs_cli - by entering eval $${variable} - - hostname - local_ip_v4 - local_mask_v4 - local_ip_v6 - switch_serial - base_dir - recordings_dir - sound_prefix - sounds_dir - conf_dir - log_dir - run_dir - db_dir - mod_dir - htdocs_dir - script_dir - temp_dir - grammar_dir - certs_dir - storage_dir - cache_dir - core_uuid - zrtp_enabled - nat_public_addr - nat_private_addr - nat_type - - --> - - - <X-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/callie"/> - <!--<Z-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/allison"/> --> - - <!-- - This setting is what sets the default domain FreeSWITCH will use if all else fails. - - FreeSWICH will default to $${local_ip_v4} unless changed. Changing this setting does - affect the sip authentication. Please review conf/directory/default.xml for more - information on this topic. - --> - <X-PRE-PROCESS cmd="set" data="domain=sip.pdp7.net"/> - <X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/> - <X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/> - <X-PRE-PROCESS cmd="set" data="use_profile=external"/> - <X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/> - <!-- - Enable ZRTP globally you can override this on a per channel basis - - http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp) - --> - <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/> - <!-- - NOTICE: When using SRTP it's critical that you do not offer or accept - variable bit rate codecs, doing so would leak information and possibly - compromise your SRTP stream. (FS-6404) - - Supported SRTP Crypto Suites: - - AEAD_AES_256_GCM_8 - ____________________________________________________________________________ - This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of - [RFC5116]), except that the tag length, t, is 8, and an - authentication tag with a length of 8 octets (64 bits) is used. - An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its - corresponding plaintext. - - - AEAD_AES_128_GCM_8 - ____________________________________________________________________________ - This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of - [RFC5116]), except that the tag length, t, is 8, and an - authentication tag with a length of 8 octets (64 bits) is used. - An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its - corresponding plaintext. - - - AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80 - ____________________________________________________________________________ - AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher - and HMAC-SHA1 message authentication with an 80-bit authentication - tag. The master-key length is 128 bits and has a default lifetime of - a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes - first. - - - AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32 - ____________________________________________________________________________ - This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that - the authentication tag is 32 bits. The length of the base64-decoded key and - salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise, - the crypto attribute is considered invalid. - - - AES_CM_128_NULL_AUTH - ____________________________________________________________________________ - The SRTP default cipher (AES-128 Counter Mode), but to use no authentication - method. This policy is NOT RECOMMENDED unless it is unavoidable; see - Section 7.5 of [RFC3711]. - - - SRTP variables that modify behaviors based on direction/leg: - - rtp_secure_media - ____________________________________________________________________________ - possible values: - mandatory - Accept/Offer SAVP negotiation ONLY - optional - Accept/Offer SAVP/AVP with SAVP preferred - forbidden - More useful for inbound to deny SAVP negotiation - false - implies forbidden - true - implies mandatory - - default if not set is accept SAVP inbound if offered. - - - rtp_secure_media_inbound | rtp_secure_media_outbound - ____________________________________________________________________________ - This is the same as rtp_secure_media, but would apply to either inbound - or outbound offers specifically. - - - How to specify crypto suites: - ____________________________________________________________________________ - By default without specifying any crypto suites FreeSWITCH will offer - crypto suites from strongest to weakest accepting the strongest each - endpoint has in common. If you wish to force specific crypto suites you - can do so by appending the suites in a comma separated list in the order - that you wish to offer them in. - - Examples: - - rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32 - rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32 - rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80 - rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80 - - Additionally you can narrow this down on either inbound or outbound by - specifying as so: - - rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8 - rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8 - rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8 - rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8 - - - rtp_secure_media_suites - ____________________________________________________________________________ - Optionaly you can use rtp_secure_media_suites to dictate the suite list - and only use rtp_secure_media=[optional|mandatory|false|true] without having - to dictate the suite list with the rtp_secure_media* variables. - --> - <!-- - Examples of codec options: (module must be compiled and loaded) - - codecname[@8000h|16000h|32000h[@XXi]] - - XX is the frame size must be multples allowed for the codec - FreeSWITCH can support 10-120ms on some codecs. - We do not support exceeding the MTU of the RTP packet. - - - iLBC@30i - iLBC using mode=30 which will win in all cases. - DVI4@8000h@20i - IMA ADPCM 8kHz using 20ms ptime. (multiples of 10) - DVI4@16000h@40i - IMA ADPCM 16kHz using 40ms ptime. (multiples of 10) - speex@8000h@20i - Speex 8kHz using 20ms ptime. - speex@16000h@20i - Speex 16kHz using 20ms ptime. - speex@32000h@20i - Speex 32kHz using 20ms ptime. - BV16 - BroadVoice 16kb/s narrowband, 8kHz - BV32 - BroadVoice 32kb/s wideband, 16kHz - G7221@16000h - G722.1 16kHz (aka Siren 7) - G7221@32000h - G722.1C 32kHz (aka Siren 14) - CELT@32000h - CELT 32kHz, only 10ms supported - CELT@48000h - CELT 48kHz, only 10ms supported - GSM@40i - GSM 8kHz using 40ms ptime. (GSM is done in multiples of 20, Default is 20ms) - G722 - G722 16kHz using default 20ms ptime. (multiples of 10) - PCMU - G711 8kHz ulaw using default 20ms ptime. (multiples of 10) - PCMA - G711 8kHz alaw using default 20ms ptime. (multiples of 10) - G726-16 - G726 16kbit adpcm using default 20ms ptime. (multiples of 10) - G726-24 - G726 24kbit adpcm using default 20ms ptime. (multiples of 10) - G726-32 - G726 32kbit adpcm using default 20ms ptime. (multiples of 10) - G726-40 - G726 40kbit adpcm using default 20ms ptime. (multiples of 10) - AAL2-G726-16 - Same as G726-16 but using AAL2 packing. (multiples of 10) - AAL2-G726-24 - Same as G726-24 but using AAL2 packing. (multiples of 10) - AAL2-G726-32 - Same as G726-32 but using AAL2 packing. (multiples of 10) - AAL2-G726-40 - Same as G726-40 but using AAL2 packing. (multiples of 10) - LPC - LPC10 using 90ms ptime (only supports 90ms at this time in FreeSWITCH) - L16 - L16 isn't recommended for VoIP but you can do it. L16 can exceed the MTU rather quickly. - - These are the passthru audio codecs: - - G729 - G729 in passthru mode. (mod_g729) - G723 - G723.1 in passthru mode. (mod_g723_1) - AMR - AMR in passthru mode. (mod_amr) - - These are the passthru video codecs: (mod_h26x) - - H261 - H.261 Video - H263 - H.263 Video - H263-1998 - H.263-1998 Video - H263-2000 - H.263-2000 Video - H264 - H.264 Video - - RTP Dynamic Payload Numbers currently used in FreeSWITCH and their purpose. - - 96 - AMR - 97 - iLBC (30) - 98 - iLBC (20) - 99 - Speex 8kHz, 16kHz, 32kHz - 100 - - 101 - telephone-event - 102 - - 103 - - 104 - - 105 - - 106 - BV16 - 107 - G722.1 (16kHz) - 108 - - 109 - - 110 - - 111 - - 112 - - 113 - - 114 - CELT 32kHz, 48kHz - 115 - G722.1C (32kHz) - 116 - - 117 - SILK 8kHz - 118 - SILK 12kHz - 119 - SILK 16kHz - 120 - SILK 24kHz - 121 - AAL2-G726-40 && G726-40 - 122 - AAL2-G726-32 && G726-32 - 123 - AAL2-G726-24 && G726-24 - 124 - AAL2-G726-16 && G726-16 - 125 - - 126 - - 127 - BV32 - - --> - <X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,G722,PCMU,PCMA,H264,VP8"/> - <X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,G722,PCMU,PCMA,H264,VP8"/> - - <!-- - xmpp_client_profile and xmpp_server_profile - xmpp_client_profile can be any string. - xmpp_server_profile is appended to "dingaling_" to form the database name - containing the "subscriptions" table. - used by: dingaling.conf.xml enum.conf.xml - --> - - <X-PRE-PROCESS cmd="set" data="xmpp_client_profile=xmppc"/> - <X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/> - <!-- - THIS IS ONLY USED FOR DINGALING - - bind_server_ip - - Can be an ip address, a dns name, or "auto". - This determines an ip address available on this host to bind. - If you are separating RTP and SIP traffic, you will want to have - use different addresses where this variable appears. - Used by: dingaling.conf.xml - --> - <X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/> - - <!-- NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE - - If you're going to load test FreeSWITCH please input real IP addresses - for external_rtp_ip and external_sip_ip - --> - - <!-- external_rtp_ip - Can be an one of: - ip address: "12.34.56.78" - a stun server lookup: "stun:stun.server.com" - a DNS name: "host:host.server.com" - where fs.mydomain.com is a DNS A record-useful when fs is on - a dynamic IP address, and uses a dynamic DNS updater. - If unspecified, the bind_server_ip value is used. - Used by: sofia.conf.xml dingaling.conf.xml - --> - <X-PRE-PROCESS cmd="stun-set" data="external_rtp_ip=<%= @freeswitch_address %>"/> - - <!-- external_sip_ip - Used as the public IP address for SDP. - Can be an one of: - ip address: "12.34.56.78" - a stun server lookup: "stun:stun.server.com" - a DNS name: "host:host.server.com" - where fs.mydomain.com is a DNS A record-useful when fs is on - a dynamic IP address, and uses a dynamic DNS updater. - If unspecified, the bind_server_ip value is used. - Used by: sofia.conf.xml dingaling.conf.xml - --> - <X-PRE-PROCESS cmd="stun-set" data="external_sip_ip=<%= @freeswitch_address %>"/> - - <!-- unroll-loops - Used to turn on sip loopback unrolling. - --> - <X-PRE-PROCESS cmd="set" data="unroll_loops=true"/> - - <!-- outbound_caller_id and outbound_caller_name - The caller ID telephone number we should use when calling out. - Used by: conference.conf.xml and user directory for default - outbound callerid name and number. - --> - <X-PRE-PROCESS cmd="set" data="outbound_caller_name=FreeSWITCH"/> - <X-PRE-PROCESS cmd="set" data="outbound_caller_id=0000000000"/> - - <!-- various debug and defaults --> - <X-PRE-PROCESS cmd="set" data="call_debug=false"/> - <X-PRE-PROCESS cmd="set" data="console_loglevel=info"/> - <X-PRE-PROCESS cmd="set" data="default_areacode=918"/> - <X-PRE-PROCESS cmd="set" data="default_country=US"/> - - <!-- if false or undefined, the destination number is included in presence NOTIFY dm:note. - if true, the destination number is not included --> - <X-PRE-PROCESS cmd="set" data="presence_privacy=false"/> - - <X-PRE-PROCESS cmd="set" data="au-ring=%(400,200,383,417);%(400,2000,383,417)"/> - <X-PRE-PROCESS cmd="set" data="be-ring=%(1000,3000,425)"/> - <X-PRE-PROCESS cmd="set" data="ca-ring=%(2000,4000,440,480)"/> - <X-PRE-PROCESS cmd="set" data="cn-ring=%(1000,4000,450)"/> - <X-PRE-PROCESS cmd="set" data="cy-ring=%(1500,3000,425)"/> - <X-PRE-PROCESS cmd="set" data="cz-ring=%(1000,4000,425)"/> - <X-PRE-PROCESS cmd="set" data="de-ring=%(1000,4000,425)"/> - <X-PRE-PROCESS cmd="set" data="dk-ring=%(1000,4000,425)"/> - <X-PRE-PROCESS cmd="set" data="dz-ring=%(1500,3500,425)"/> - <X-PRE-PROCESS cmd="set" data="eg-ring=%(2000,1000,475,375)"/> - <X-PRE-PROCESS cmd="set" data="es-ring=%(1500,3000,425)"/> - <X-PRE-PROCESS cmd="set" data="fi-ring=%(1000,4000,425)"/> - <X-PRE-PROCESS cmd="set" data="fr-ring=%(1500,3500,440)"/> - <X-PRE-PROCESS cmd="set" data="hk-ring=%(400,200,440,480);%(400,3000,440,480)"/> - <X-PRE-PROCESS cmd="set" data="hu-ring=%(1250,3750,425)"/> - <X-PRE-PROCESS cmd="set" data="il-ring=%(1000,3000,400)"/> - <X-PRE-PROCESS cmd="set" data="in-ring=%(400,200,425,375);%(400,2000,425,375)"/> - <X-PRE-PROCESS cmd="set" data="jp-ring=%(1000,2000,420,380)"/> - <X-PRE-PROCESS cmd="set" data="ko-ring=%(1000,2000,440,480)"/> - <X-PRE-PROCESS cmd="set" data="pk-ring=%(1000,2000,400)"/> - <X-PRE-PROCESS cmd="set" data="pl-ring=%(1000,4000,425)"/> - <X-PRE-PROCESS cmd="set" data="ro-ring=%(1850,4150,475,425)"/> - <X-PRE-PROCESS cmd="set" data="rs-ring=%(1000,4000,425)"/> - <X-PRE-PROCESS cmd="set" data="ru-ring=%(800,3200,425)"/> - <X-PRE-PROCESS cmd="set" data="sa-ring=%(1200,4600,425)"/> - <X-PRE-PROCESS cmd="set" data="tr-ring=%(2000,4000,450)"/> - <X-PRE-PROCESS cmd="set" data="uk-ring=%(400,200,400,450);%(400,2000,400,450)"/> - <X-PRE-PROCESS cmd="set" data="us-ring=%(2000,4000,440,480)"/> - <X-PRE-PROCESS cmd="set" data="bong-ring=v=-7;%(100,0,941.0,1477.0);v=-7;>=2;+=.1;%(1400,0,350,440)"/> - <X-PRE-PROCESS cmd="set" data="beep=%(1000,0,640)"/> - <X-PRE-PROCESS cmd="set" data="sit=%(274,0,913.8);%(274,0,1370.6);%(380,0,1776.7)"/> - - <!-- - Digits Dialed filter: (FS-6940) - - The digits stream may contain valid credit card numbers or social security numbers, These digit - filters will allow you to make a valant effort to stamp out sensitive information for - PCI/HIPPA compliance. (see xml_cdr dialed_digits) - - df_us_ssn = US Social Security Number pattern - df_us_luhn = Visa, MasterCard, American Express, Diners Club, Discover and JCB - --> - <X-PRE-PROCESS cmd="set" data="df_us_ssn=(?!219099999|078051120)(?!666|000|9\d{2})\d{3}(?!00)\d{2}(?!0{4})\d{4}"/> - <X-PRE-PROCESS cmd="set" data="df_luhn=?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11}"/> - <!-- change XX to X below to enable --> - <XX-PRE-PROCESS cmd="set" data="digits_dialed_filter=(($${df_luhn})|($${df_us_ssn}))"/> - - <!-- - Setting up your default sip provider is easy. - Below are some values that should work in most cases. - - These are for conf/directory/default/example.com.xml - --> - <X-PRE-PROCESS cmd="set" data="default_provider=example.com"/> - <X-PRE-PROCESS cmd="set" data="default_provider_username=joeuser"/> - <X-PRE-PROCESS cmd="set" data="default_provider_password=password"/> - <X-PRE-PROCESS cmd="set" data="default_provider_from_domain=example.com"/> - <!-- true or false --> - <X-PRE-PROCESS cmd="set" data="default_provider_register=false"/> - <X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/> - - <!-- - SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls - - valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2 - - default: tlsv1,tlsv1.1,tlsv1.2 - --> - <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/> - - <!-- - TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH - - The actual ciphers supported will change per platform. - - openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' - - Will show you what is available in your verion of openssl. - --> - <X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/> - - <!-- Internal SIP Profile --> - <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/> - <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/> - <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/> - <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/> - - <!-- External SIP Profile --> - <X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/> - <X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/> - <X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/> - <X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/> - - <!-- Video Settings --> - <!-- Setting the max bandwdith --> - <X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_in=3mb"/> - <X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_out=3mb"/> - - <!-- WebRTC Video --> - <!-- Suppress CNG for WebRTC Audio --> - <X-PRE-PROCESS cmd="set" data="suppress_cng=true"/> - <!-- Enable liberal DTMF for those that can't get it right --> - <X-PRE-PROCESS cmd="set" data="rtp_liberal_dtmf=true"/> - <!-- Helps with WebRTC Audio --> - - <!-- Stock Video Avatars --> - <X-PRE-PROCESS cmd="set" data="video_mute_png=$${images_dir}/default-mute.png"/> - <X-PRE-PROCESS cmd="set" data="video_no_avatar_png=$${images_dir}/default-avatar.png"/> - -</include> |