## ## This is the default Flexisip (v2.4.2-30-g42e30f2d) configuration ## file ## ## ## Some global settings of the flexisip proxy. ## [global] # Servers started by default when '--server' is not specified in # the command line. Possible values are: 'proxy', 'presence', 'conference', # 'regevent' and 'b2bua'. Each value must be separated by a whitespace. # Default: proxy #default-servers=proxy # Automatically respawn Flexisip in case of abnormal termination # (crashes). This only has an effect if Flexisip is launched with # '--daemon' option # Default: true #auto-respawn=true # Path to the directory that contains plugins. # Default: /opt/belledonne-communications/lib64/flexisip/plugins #plugins-dir=/opt/belledonne-communications/lib64/flexisip/plugins # Plugins to load. # The list of installed plugins can be found at /lib/flexisip/plugins. # The name of a plugin can be built from the corresponding library # name by removing the extension and the 'lib' prefix. # Example: 'jweauth' will load libjweauth.so at runtime. # Default: #plugins= # Generate a core dump on crash. # On GNU/Linux, the action to do on core dump is defined by the # kernel file '/proc/sys/kernel/core_pattern'. # On recent distributions like RHEL 8, the generated core dumps # are given by default to the core manager of SystemD. Core dumps # can easily be listed by using the coredumpctl(1) command. # On older distributions, core dumps are often written in the root # ('/') directory. If your root directory has little available space, # it is recommended to relocate your core dumps in another place # by modifying the 'core_pattern' file on system boot. This can # be done by adding the following line in '/etc/rc.local': # echo '/home/cores/core.%e.%t.%p' > /proc/sys/kernel/core_pattern # # See core(5) manual for more information about core handling on # GNU/Linux. # Default: false #dump-corefiles=false # Enable SNMP. # Default: false #enable-snmp=false # Path to the directory where log files will be created. # WARNING: Flexisip has no embedded log rotation system but provides # a configuration file for logrotate. # Please make sure that logrotate is installed and running on your # system in order to have Flexisip's logs rotated. Log rotation # can be customized by editing /etc/logrotate.d/flexisip-logrotate. # Default: /var/opt/belledonne-communications/log/flexisip #log-directory=/var/opt/belledonne-communications/log/flexisip # Name of the log file # .The string '{server}' is a placeholder that is replaced with # the corresponding server type. If several server types are specified, # then '{server}' will be replaced by the concatenation of all server # types separated by a '+' character. # Example: 'proxy+presence'. # Default: flexisip-{server}.log #log-filename=flexisip-{server}.log # Logging verbosity. # Possible values are: 'debug', 'message', 'warning' and 'error' # Default: error #log-level=error # Syslog logging verbosity. # Possible values are: 'debug', 'message', 'warning' and 'error' # Default: error #syslog-level=error # Sofia-SIP logging verbosity. # These logs are only displayed if 'log-level' is set to 'debug' # or if the program is started with the '-d' (--debug) option. The # verbosity levels range from 1 to 9: # 1 -> Critical errors # 2 -> Non-critical errors # 3 -> Warnings and progress messages # 5 -> Signaling protocol actions # 7 -> Media protocol actions # 9 -> Entering/exiting functions # Default: 5 #sofia-level=5 # Log user errors (on a different logging domain). # Examples: authentication operations, registration events, requests # routing, etc... # Default: false #user-errors-logs=false # A boolean expression applied to the processing of all SIP requests. # When the expression evaluates to 'true', use the 'contextual-log-level' # logging level for all the logs generated during the processing # of the current request. This is useful to debug a certain scenario # on a production environment. # The definition of SIP boolean expressions is the same as for entry # filters of modules, which is documented here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #contextual-log-filter= # Logging verbosity of contextual logs. # Default: debug #contextual-log-level=debug # A boolean expression applied to the processing of all SIP requests. # When the expression evaluates to 'true', log the request body. # Cannot be empty, use 'true' or 'false' instead. # The definition of SIP boolean expressions is documented here: # https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Example: content-type == 'application/sdp' && request.method == # 'MESSAGE' # Default: content-type == 'application/sdp' #show-body-for=content-type == 'application/sdp' # List of whitespace separated SIP URIs where the proxy must listen. # Wildcard (*) means 'all local ip addresses'. If the 'transport' # parameter is not specified, the server will listen on both UDP # and TCP transports. A local address to bind onto can be specified # using the 'maddr' SIP URI parameter. The domain part of SIP URIs # are used as public domain or ip address. # The 'sips' transport definition accepts some optional parameters: # - 'tls-certificates-dir': path, has the same meaning as the 'tls-certificates-dir' # parameter of this section (overriding only applies for the current # SIP URI). # - 'tls-certificates-file': file path, has the same meaning as # the 'tls-certificates-file' parameter of this section (overriding # only applies for the current SIP URI). # - 'tls-certificates-private-key': file path, has the same meaning # as the 'tls-certificates-private-key' parameter of this section # (overriding only applies for the current SIP URI). # - 'tls-certificates-ca-file': file path, has the same meaning # as the 'tls-certificates-ca-file' parameter of this section (overriding # only applies for the current SIP URI). # - 'tls-verify-incoming': value in {'0', '1'}, indicates whether # clients are required to present a valid client certificate or # not (defaults to '0'). # - 'tls-allow-missing-client-certificate': value in {'0', '1'}, # allow connections from clients that have no certificate even if # `tls-verify-incoming` is enabled (useful if you want Flexisip # to ask for a client certificate but do not fail if the client # cannot provide one). # - 'tls-verify-outgoing': value in {'0', '1'}, whether Flexisip # should verify the peer certificate when it creates an outgoing # TLS connection to another server (defaults to '1'). # - 'require-peer-certificate': (deprecated) same as 'tls-verify-incoming' # # It is HIGHLY RECOMMENDED to specify a canonical name for 'sips' # transports, so that the proxy can advertise this information in # 'Record-Route' headers, which allows TLS cname verifications to # be performed by clients. # Specifying a SIP URI with 'transport=tls' is not allowed: the # 'sips' scheme must be used instead. As requested by SIP RFC, IPv6 # addresses must be enclosed within brackets. # # Here are some examples to understand: # - listen on all local interfaces for UDP and TCP, on standard # port: # transports=sip:* # - listen on all local interfaces for UDP, TCP and TLS, on standard # ports: # transports=sip:* sips:* # - listen only a specific IPv6 interface, on standard ports, with # UDP, TCP and TLS # transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] # - listen on TLS localhost with 2 different ports and SSL certificates: # transports=sips:localhost:5061;tls-certificates-dir=path_a sips:localhost:5062;tls-certificates-dir=path_b # - listen on TLS localhost with 2 peer certificate requirements: # transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls-verify-incoming=1 # - listen on 192.168.0.29:6060 with TLS, but public hostname is # 'sip.linphone.org' used in SIP requests. Bind address won't appear # in requests: # transports=sips:sip.linphone.org:6060;maddr=192.168.0.29 # Default: sip:* transports=sips:<%= @flexisip_domain %>;maddr=* # List of whitespace separated host names pointing to this machine. # This is to prevent loops while routing SIP requests. # Default: localhost aliases=<%= @flexisip_domain %> # Time interval after which inactive connections are closed. # Default: 3600 # Default unit: second #idle-timeout=3600 # Time interval for sending "\r\n\r\n" keepalive packets on inbound # and outbound connections. # The main purpose of sending keepalive packets is to keep connections # alive across NATs. It also helps to detect silently broken connections # which can reduce the number of socket descriptors used by Flexisip. # A value of zero deactivates this feature # Default: 1800 # Default unit: second #keepalive-interval=1800 # Time interval for sending "\r\n\r\n" keepalive packets for proxy-to-proxy # connections. # Indeed, while it is undesirable to send frequent keepalive packets # to mobile clients (it drains their battery), sending frequent # keepalive packets has proven to be helpful to keep connections # up between proxy nodes in a very popular US virtualized datacenter. # A value of zero deactivates this feature. # Default: 0 # Default unit: second #proxy-to-proxy-keepalive-interval=0 # SIP transaction timeout. # Set to T1*64 by default. # Default: 32000 # Default unit: millisecond #transaction-timeout=32000 # The UDP MTU. # Flexisip will fallback to TCP when sending a request whose size # exceeds the UDP MTU. Please read https://sofia-sip.sourceforge.net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a # for more details. If sending large packets over UDP is not a problem, # then set a big value such as 65535. Unlike the recommendation # of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead # of 1300). # Default: 1460 #udp-mtu=1460 # Maximum number of bytes read at once when extracting data from # a TCP socket. WARNING: a SIP request (headers + body) cannot exceed # this amount of bytes otherwise the parsing will fail # Default: 524288 #tcp-max-read-size=524288 # Bind address for all RTP streams (MediaRelay and Transcoder). # This parameter is only useful for some specific networks, keeping # the default value is recommended. # Default: 0.0.0.0 ::0 #rtp-bind-address=0.0.0.0 ::0 # Path to the file containing the server certificate chain. # The file must be in PEM format, see OpenSSL SSL_CTX_use_certificate_chain_file # documentation. If used, 'tls-certificates-private-key' MUST be # set. # Default: tls-certificates-file=/etc/pki/tls/certs/localhost.crt # Path to the file containing the private key. # See OpenSSL SSL_CTX_use_PrivateKey_file documentation. If used, # 'tls-certificates-file' MUST be set. # Default: tls-certificates-private-key=/etc/pki/tls/private/localhost.key # Path to the file containing CA certificates. # See OpenSSL SSL_CTX_load_verify_locations and SSL_CTX_set_client_CA_list # documentation. Can be empty. # Default: #tls-certificates-ca-file= # Cipher strings to pass to OpenSSL in order to limit the cipher # suites to use while establishing TLS sessions. # Please take a look at ciphers(1) UNIX manual to get the list of # supported keywords by your current version of OpenSSL. You might # visit https://www.openssl.org/docs/manmaster/man1/ciphers.html # too. The default value set by Flexisip should provide a high level # of security while keeping an acceptable level of interoperability # with currently deployed clients on the market. # Default: HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL #tls-ciphers=HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL # Ask for client certificate on TLS session establishing. # Default: false #require-peer-certificate=false # Unique ID used to identify this Flexisip instance. # It must be a randomly generated 16-sized hexadecimal number. If # empty, it will be generated each time Flexisip starts. # Default: #unique-id= # Number of SIP requests that Sofia-SIP can queue in a transport # (a connection). It is 64 by default, hardcoded in Sofia-SIP (Sofia-SIP # also used to hardcode a maximum value of 1000). This is not sufficient # for instant messaging applications. # Default: 1000 #tport-message-queue-size=1000 # Interval between logs about server memory usage. # This feature periodically logs the value occupied in RAM by the # process (VmRSS). These logs use debug level. # Only works on Linux. # Set to 0 in order to disable the feature. # Default: 0 # Default unit: second #memory-usage-log-interval=0 ## ## This section contains some parameters useful when the current ## proxy is part of a network of proxies (cluster) which serve the ## same domain. ## [cluster] # Enable cluster mode. # If 'false', the parameters of the [cluster] section will not have # any effect. # Default: false #enabled=false # Domain name that enables external SIP agents to access to the # cluster. # Such domain is often associated to DNS SRV records for each proxy # of the cluster, so that DNS resolution returns the address of # a specific proxy randomly. # Flexisip uses that domain when it needs to insert a 'Path' or # 'Record-route' header addressing the cluster instead of itself. # Default: #cluster-domain= # List of IP addresses of all the proxies present in the cluster. # SIP requests coming from these addresses won't be challenged by # the authentication module and will not be limited by the DosProtection # module. # Default: #nodes= # Transport to use for communication with the other proxies of the # cluster. # This is only useful when no transport declared in 'global/transport' # parameter can be used to reach the other proxies (e.g. when inter-proxy # communications are to be made through a private network). # Example: sip:10.0.0.8:5059;transport=tcp # Default: #internal-transport= ## ## Should the server be registered on a local domain, to be accessible ## via multicast DNS. ## [mdns-register] # Enable multicast DNS register # Default: false #enabled=false # Priority of this instance, lower value means more 'preferred'. # 'n': priority of n (example: 10) # 'n-m': random priority between n and m (example: 10-50) # Default: 0 #mdns-priority=0 # A relative weight for Flexisip instances with the same priority. # Higher values means more 'preferred'. # For example, if two Flexisip instances are registered on the same # local domain with one at '20' and the other at '80', then 20% # of the traffic will be redirected to the first instance and 80% # to the other one. # The sum of all the weights of Flexisip instances on the same local # domain must be 100. # Default: 100 #mdns-weight=100 # Time To Live of any mDNS query that will ask for this Flexisip # instance # Default: 3600 # Default unit: millisecond #mdns-ttl=3600 ## ## Event logs contain per domain and user information about processed ## registrations, calls and messages. ## See: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Event%20logs%20and%20queries/ ## for architecture and queries. ## [event-logs] # Enable event logs. # Default: false #enabled=false # Define logger for storing logs. It supports "filesystem", "database" # and "flexiapi". # Default: filesystem #logger=filesystem # Directory where event logs are written as a filesystem (case when # filesystem output is chosen). # Default: /var/log/flexisip #filesystem-directory=/var/log/flexisip # Type of backend that Soci will use for the connection. # Depending on your Soci package and the modules you installed, # the supported databases are:`mysql`, `sqlite3` and `postgresql` # Default: mysql #database-backend=mysql # Configuration parameters of the backend. # The basic format is "key=value key2=value2". For a mysql backend, # this is a valid config: "db=mydb user=user password='pass' host=myhost.com". # Please refer to the Soci documentation of your backend, for instance: # http://soci.sourceforge.net/doc/master/backends/#supported-backends-and-features # Default: db='mydb' user='myuser' password='mypass' host='myhost.com' #database-connection-string=db='mydb' user='myuser' password='mypass' host='myhost.com' # Amount of queries that will be allowed to be queued before bailing # password requests. # This value should be chosen accordingly with 'database-nb-threads-max', # so that you have a coherent behavior. # This limit is here mainly as a safeguard against out-of-control # growth of the queue in the event of a flood or big delays in the # database backend. # Default: 100 #database-max-queue-size=100 # Maximum number of threads for writing in database. # If you get a `database is locked` error with sqlite3, you must # set this variable to 1. # Default: 10 #database-nb-threads-max=10 # Domain name or IP address of the FlexiAPI host. This setting will # be used in combination with flexiapi-port and -prefix to contact # the API located at : # Default: localhost #flexiapi-host=localhost # Port on the FlexiAPI host. See `flexiapi-host` for details. # Default: 443 #flexiapi-port=443 # Path prefix for FlexiAPI requests. See `flexiapi-host` for details. # Default: /api/stats/ #flexiapi-prefix=/api/stats/ # API authentication key for the FlexiAPI # Default: #flexiapi-api-key= ## ## STUN server parameters. ## [stun-server] # Enable or disable stun server. # Default: true #enabled=true # Local ip address where to bind the socket. # Default: 0.0.0.0 #bind-address=0.0.0.0 # STUN server port number. # Default: 3478 #port=3478 ## ## Flexisip presence server parameters. ## [presence-server] # Enable presence server # Default: true #enabled=true # List of white space separated SIP URIs where the presence server # must listen. Must not be tls. # Default: sip:127.0.0.1:5065;transport=tcp #transports=sip:127.0.0.1:5065;transport=tcp # Default expires of PUBLISH request. # Default: 600 # Default unit: second #expires=600 # Max number of presentity sent in a single NOTIFY by default. # Default: 200 #notify-limit=200 # Enable long-term presence notifies # Default: false #long-term-enabled=false # Soci connection string for the resource list database. # Default: #rls-database-connection= # SQL request to obtain the list of the users corresponding to an # resource list subscription. # Named parameters are: # * ':from' : the URI of the sender of the SUBSCRIBE. (mandatory) # * ':to' : the URI of the users list which the sender want to # subscribe to. (mandatory) # # Default: #rls-database-request= # Max number of threads. # Default: 50 #rls-database-max-thread=50 # Max legnth of threads queue. # Default: 50 #rls-database-max-thread-queue-size=50 # Soci SQL request used to obtain the username associated with a # phone alias. # The string MUST contains the ':phone' keyword which will be replaced # by the phone number to look for. # The result of the request is a 1x1 table containing the name of # the user associated with the phone number. # # Example: select login from accounts where phone = :phone # Default: #soci-user-with-phone-request= # Same as 'soci-user-with-phone-request' but allows to fetch several # users by a unique SQL request. # The string MUST contains the ':phones' keyword which will be replaced # by the list of phone numbers to look for. Each element of the # list is seperated by a comma character and is protected by simple # quotes (e.g. '0336xxxxxxxx','0337yyyyyyyy','034zzzzzzzzz'). # If you use phone number linked accounts you'll need to select # login, domain, phone in your request for flexisip to work. # Example: select login, domain, phone from accounts where phone # in (:phones) # Default: #soci-users-with-phones-request= # Maximum number of presence element by identity saved in memory. # Default: 10 #max-presence-elements=10 # Duration in milliseconds during which the last activity is kept # in memory. Default is 1 day. # Default: 86400000 #last-activity-retention-time=86400000 ## ## Flexisip conference server parameters. ## The Flexisip conference server manages group chat and audio/video ## conferences. ## It follows the concepts of RFC4579 for conference establishment ## and management. Factory and focus URIs must be configured. ## The server requires a MariaDB/MySQL database in order to store ## chatroom or conference states (participants and their devices). ## For chatting capabilities, the server requires a Registrar backend ## (see section module::Registrar) to discover devices (or client ## instances) of each participant. This requirement creates an explicit ## dependency on the Flexisip proxy server. Please note that this ## dependency is not required for audio/video conferences. ## [conference-server] # Enable conference server # Default: true #enabled=true # Unique SIP URI on which the server is listening. # Default: sip:127.0.0.1:6064;transport=tcp #transport=sip:127.0.0.1:6064;transport=tcp # List of SIP URIs used by clients to create conferences. This implicitly # defines the list of SIP domains managed by the conference server. # Example: # sip:conference-factory@sip.linphone.org sip:conference-factory@sip.linhome.org # Default: #conference-factory-uris= # List of template focus URIs to use when conferences are created # through the conference factory. # Focus URIs are unique SIP URIs targeting a specific conference. # A 'conf-id' URI parameter providing uniqueness is automatically # appended at runtime. Example, setting: # conference-focus-uris=sip:conference-focus@sip.linphone.org # instructs the server to generate conference URIs in the form of # 'sip:conference-focus@sip.linphone.org;conf-id=' # when a client requests to create a conference. # Default: #conference-focus-uris= # The SIP proxy URI to which the server will send all outgoing requests. # Default: sip:127.0.0.1:5060;transport=tcp #outbound-proxy=sip:127.0.0.1:5060;transport=tcp # Domains managed by the local SIP service, i.e. domains for which # user registration information can be found directly in the local # registrar database (Redis database). # For external domains (not in this list), a 'reg' SUBSCRIBE (RFC3680) # will be emitted. It is not necessary to list domains that appear # in the 'conference-factory-uris' property. They are assumed to # be local domains already. # Example: sip.linphone.org conf.linphone.org linhome.org # Default: #local-domains= # Audio port to use for RTP and RTCP traffic. You can set a specific # port, a range of ports or let the server ask the kernel for an # available port (special value: 0). # Examples: 'audio-port=0' or 'audio-port=12345' or 'audio-port=1024-65535' # Default: 0 #audio-port=0 # Video port to use for RTP and RTCP traffic. You can set a specific # port, a range of ports or let the server ask the kernel for an # available port (special value: 0). # Examples: 'video-port=0' or 'video-port=12345' or 'video-port=1024-65535' # Default: 0 #video-port=0 # Type of database the server will use to store chat room and conference # data. Provided that the required Soci modules are installed, the # supported databases are: `mysql`, `sqlite3` # Default: mysql #database-backend=mysql # Configuration parameters of the database to store chat room and # conference data. # The basic format is "key=value key2=value2".For MySQL, the following # is a valid configuration: db='mydb' user='myuser' password='mypass' # host='myhost.com'. # Please refer to the Soci documentation of your selected backend: # https://soci.sourceforge.net/doc/release/3.2/backends/mysql.html # https://soci.sourceforge.net/doc/release/3.2/backends/sqlite3.html # Default: db='mydb' user='myuser' password='mypass' host='myhost.com' #database-connection-string=db='mydb' user='myuser' password='mypass' host='myhost.com' # True to make the server check device capabilities before inviting # them to a session. # The capability check is currently limited to Linphone clients # that put a '+org.linphone.specs' contact parameter. This parameter # indicates whether they support group chat and secured group chat # or not. # Default: true #check-capabilities=true # List of media types supported by the server. # This allows to specify if this instance is able to provide chat # services or audio/video conference services, or both. # Valid values: audio, video, text. # Example: audio video text # Default: text #supported-media-types=text # Type of media encryption the server will offer when calling participants # to an audio or video conference. # Valid values: none, sdes, zrtp, dtls. # Default: none #encryption=none # Public host name or IP addresses of the server. # Setting this parameter is required when the conference server # is deployed behind a firewall. This way, public IP address (v4, # v6) can be advertised in SDP, as ICE server-reflexive candidates # in order for the server to receive RTP media packets from clients. # If no hostname is given, the v4 and v6 IP addresses can be listed, # in any order. It is not possible to configure several v4 addresses # or several v6 addresses. # Example: # nat-addresses=conference.linphone.org # nat-addresses=5.135.31.160 2001:41d0:303:3aee::1 # Default: #nat-addresses= # Server shall delete chat rooms that have no registered participants. # Default: true #empty-chat-room-deletion=true # Directory where the server state files are stored. # # Default: /var/opt/belledonne-communications/lib/flexisip #state-directory=/var/opt/belledonne-communications/lib/flexisip # Server will kill all incoming calls that last longer than the # defined value. # Special value 0 disables this feature. # Default: 0 # Default unit: second #call-timeout=0 ## ## Flexisip RegEvent server parameters. ## This server is in charge of responding to SIP SUBSCRIBE requests ## for the 'reg' event as defined by RFC3680 (https://tools.ietf.org/html/rfc3680). ## It relies on the registrar database setup in the 'module::Registrar' ## section to generate outgoing NOTIFY requests ## [regevent-server] # SIP URI on which the server is listening on. # WARNING: only 'TCP' transport is supported. # Default: sip:127.0.0.1:6065;transport=tcp #transport=sip:127.0.0.1:6065;transport=tcp ## ## Flexisip back-to-back user agent (B2BUA) server parameters. ## [b2bua-server] # The type of application that will handle calls bridged through # the server. Possible values: # - `trenscrypter` Bridge different encryption types on both ends # transparently. # - `sip-bridge` Bridge calls through an external SIP provider. # (e.g. for PSTN gateways) # Default: trenscrypter #application=trenscrypter # Unique SIP URI on which the server is listening. # Default: sip:127.0.0.1:6067;transport=tcp #transport=sip:127.0.0.1:6067;transport=tcp # Audio port to use for RTP and RTCP traffic. You can set a specific # port, a range of ports or let the server ask the kernel for an # available port (special value: 0). # Examples: 'audio-port=0' or 'audio-port=12345' or 'audio-port=1024-65535' # Default: 0 #audio-port=0 # Video port to use for RTP and RTCP traffic. You can set a specific # port, a range of ports or let the server ask the kernel for an # available port (special value: 0). # Examples: 'video-port=0' or 'video-port=12345' or 'video-port=1024-65535' # Default: 0 #video-port=0 # Value of User-Agent header. Use the following syntax: [/] # where can bet set to '{version}' that is a placeholder # for the Flexisip version. # It is also used by the module::B2bua to decide if requests should # be forwarded to the B2BUA server or not. # Default: Flexisip-B2BUA/{version} #user-agent=Flexisip-B2BUA/{version} # Directory where to store server local files # # Default: /var/opt/belledonne-communications/flexisip/b2b #data-directory=/var/opt/belledonne-communications/flexisip/b2b # The SIP proxy URI to which the server will send all outgoing requests. # Default: sip:127.0.0.1:5060;transport=tcp #outbound-proxy=sip:127.0.0.1:5060;transport=tcp # Duration after which the server will terminate a call if no RTP # packets are received from the other call participant. For performance # reasons, this parameter cannot be disabled. # Default: 30 # Default unit: second #no-rtp-timeout=30 # The server will terminate any bridged call that has been running # for longer than this amount of time. # Set to 0 to disable and let calls run unbounded. # Default: 0 # Default unit: second #max-call-duration=0 # Force outgoing video call to use the specified codec. Leave empty # to disable this feature. # Warning: all outgoing calls will only list this codec, which means # incoming calls must use it too. # Default: #video-codec= # The server shall use a separate connection (port) for each (external) # account it manages. # This can be used to work around DoS protection and rate-limiting # systems on external proxies. # Default: false #one-connection-per-account=false ## ## External SIP Provider Bridge parameters. ## [b2bua-server::sip-bridge] # Path to a file containing the accounts to use for external SIP # bridging, organised by provider, in JSON format. # Here is a template of what should be in this file: # { # "schemaVersion": 2, # "providers": [ # { # "name": "", # "accountPool": "", # "triggerCondition": { # "strategy": "" # "pattern": "" # }, # "accountToUse": { # "strategy": "FindInPool|Random", # "by": "", # "source": "" # }, # "onAccountNotFound": "nextProvider|decline", # "outgoingInvite": { # "to": "<{account.alias}|sip:{incoming.to.user}@{account.sipIdentity.hostport}{incoming.to.uriParameters}>", # "from": "", # "outboundProxy": "", # "enableAvpf": , # "mediaEncryption": "" # } # } # ], # "accountPools": { # "": { # "outboundProxy": "", # "registrationRequired": , # "registrationThrottlingRateMs": , # "unregisterOnServerShutdown": , # "maxCallsPerLine": , # "loader": { # "dbBackend": "", # "initQuery": "" # "updateQuery": "", # "connection": "" # } # }, # "": { # "outboundProxy": "", # "registrationRequired": , # "registrationThrottlingRateMs": , # "unregisterOnServerShutdown": , # "maxCallsPerLine": , # "loader": [ # { # "uri": "", # "userid": "" # "secretType": "", # "secret": "" # "realm": "" # "alias": " # "outboundProxy": "", # } # ] # } # } # } # Full documentation is available here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Back-to-back%20User%20Agent%20%28b2bua%29/SIP%20Bridge/#sip-bridge # # Default: example-path.json #providers=example-path.json ## ## Encryption transcoder bridge parameters. ## [b2bua-server::trenscrypter] # Select the call outgoing encryption mode, this is a list of regular # expressions and encryption mode. # Valid encryption modes are: zrtp, dtls-srtp, sdes, none. # # The list is formatted in the following mode: # mode1 regex1 mode2 regex2 ... moden regexn # regex use posix syntax, any invalid one is skipped # Each regex is applied, in the given order, on the callee sip uri(including # parameters if any). First match found determines the encryption # mode. if no regex matches, the incoming call encryption mode is # used. # # Example: zrtp .*@sip\.secure-example\.org dtsl-srtp .*dtls@sip\.example\.org # zrtp .*zrtp@sip\.example\.org sdes .*@sip\.example\.org # In this example: the address is matched in order with # .*@sip\.secure-example\.org so any call directed to an address # on domain sip.secure-example-org uses zrtp encryption mode # .*dtls@sip\.example\.org any call on sip.example.org to a username # ending with dtls uses dtls-srtp encryption mode # .*zrtp@sip\.example\.org any call on sip.example.org to a username # ending with zrtp uses zrtp encryption mode # The previous example will fail to match if the call is directed # to a specific device(having a GRUU as callee address) # To ignore sip URI parameters, use (;.*)? at the end of the regex. # Example: .*@sip\.secure-example\.org(;.*)? # Default:Selected encryption mode(if any) is enforced and the call # will fail if the callee does not support this mode # Default: #outgoing-enc-regex= # Outgoing SRTP crypto suite in SDES encryption mode: # Select the call outgoing SRTP crypto suite when outgoing encryption # mode is SDES, this is a list of regular expressions and crypto # suites list. # Valid srtp crypto suites are : # AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 # AES_192_CM_HMAC_SHA1_80, AES_192_CM_HMAC_SHA1_32 // currently # not supported # AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_80 # AEAD_AES_128_GCM, AEAD_AES_256_GCM # # The list is formatted in the following mode: # cryptoSuiteList1 regex1 cryptoSuiteList2 regex2 ... crytoSuiteListn # regexn # with cryptoSuiteList being a ; separated list of crypto suites. # # Regex use posix syntax, any invalid one is skipped # Each regex is applied, in the given order, on the callee sip uri(including # parameters if any). First match found determines the crypto suite # list used. # # if no regex matches, core setting is applied # or default to AES_CM_128_HMAC_SHA1_80;AES_CM_128_HMAC_SHA1_32;AES_256_CM_HMAC_SHA1_80;AES_256_CM_HMAC_SHA1_32 # when no core setting is available # # Example: # AES_256_CM_HMAC_SHA1_80;AES_256_CM_HMAC_SHA1_32 .*@sip\.secure-example\.org # AES_CM_128_HMAC_SHA1_80 .*@sip\.example\.org # # In this example: the address is matched in order with # .*@sip\.secure-example\.org so any call directed to an address # on domain sip.secure-example-org uses AES_256_CM_HMAC_SHA1_80;AES_256_CM_HMAC_SHA1_32 # suites (in that order) # .*@sip\.example\.org any call directed to an address on domain # sip.example.org use AES_CM_128_HMAC_SHA1_80 suite # The previous example will fail to match if the call is directed # to a specific device(having a GRUU as callee address) # To ignore sip URI parameters, use (;.*)? at the end of the regex. # Example: .*@sip\.secure-example\.org(;.*)? # Default: # Default: #outgoing-srtp-regex= ## ## Ban users when they send too much packets within a given timeframe. ## Execute "iptables -L" to see the list of currently banned IPs/ports. ## [module::DoSProtection] # Indicate whether the module is activated. # Default: true enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # Time to consider to compute the packet rate # Default: 3000 # Default unit: millisecond #time-period=3000 # Maximum packet rate in packets/seconds, averaged over [time-period] # millisecond(s) to consider it as a DoS attack. # Default: 20 #packet-rate-limit=20 # Time duration for which an ip/port is banned. # Default: 2 # Default unit: minute #ban-time=2 # Name of the chain the server will create to store banned IPs # Default: FLEXISIP #iptables-chain=FLEXISIP # List of IP addresses or hostnames for which no DoS protection # is applied. This is typically for trusted servers from which it # is planned to receive high traffic. Please note that nodes from # the local Flexisip cluster (see [cluster] section) are automatically # added to the white list, as well as 127.0.0.1 and ::1. # Example: # white-list=sip.example.org sip.linphone.org 15.128.128.93 # Default: #white-list= ## ## The SanitChecker module checks that required fields of a SIP message ## are present to avoid unecessary checking while processing message ## further. ## If the message doesn't meet these sanity check criterias, then ## it is stopped and bad request response is sent. ## [module::SanityChecker] # Indicate whether the module is activated. # Default: true #enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= ## ## The GarbageIn module collects incoming garbage and prevent any ## further processing. ## [module::GarbageIn] # Indicate whether the module is activated. # Default: false #enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: false #filter=false ## ## Enable this module in order the proxy replies to OPTION requests ## by “200 Ok”. Today, no supported header is added in the response, ## so this mechanism cannot be used for capabilities introspection. ## If the module is disabled, the request will be silently discarded. ## [module::Capabilities] # Indicate whether the module is activated. # Default: true #enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= ## ## The NatHelper module executes small tasks to make SIP work smoothly ## despite firewalls and NATs. There are two strategies available: ## "contact-correction" and "flow-token". ## Contact-Correction: corrects Contact headers that contain obviously ## inconsistent addresses. ## Flow-Token: add routing information in the Record-Routes as defined ## in RFC 5626. ## Both methods ensure that subsequent requests are correctly routed ## by the proxy through the same UDP or TCP channel used for the ## initial request. ## [module::NatHelper] # Indicate whether the module is activated. # Default: true #enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # Strategy to manage client-initiated connections when SIP messages # are routed through NATs. You can choose between "contact-correction" # and "flow-token". # Default: contact-correction #nat-traversal-strategy=contact-correction # Boolean expression in order to force the use of flow-token under # specific conditions. This expression is only evaluated if the # "flow-token" strategy is used. # # Default: user-agent contains 'Linphone' #force-flow-token=user-agent contains 'Linphone' # Path to the file containing the hash key used to hash flow tokens. # Default: /var/opt/belledonne-communications/lib/flexisip/flow-token-hash-key #flow-token-path=/var/opt/belledonne-communications/lib/flexisip/flow-token-hash-key # Internal URI parameter added to response contact by first proxy # and cleaned by last one. It indicates if the contact was already # verified and corrected. # Default: verified #contact-correction-param=verified # Fix record-routes, to workaround proxies behind firewalls but # not aware of it. # Default: false #fix-record-routes=false # Policy to recognize NATed record-route and fix them. There are # two modes: 'safe' and 'always' # Default: safe #fix-record-routes-policy=safe ## ## The authentication module challenges and authenticates SIP requests ## using two possible methods: ## * if the request is received via a TLS transport and 'require-peer-certificate' ## is set in transport definition in [Global] section for this transport, ## then the From header of the request is matched with the CN claimed ## by the client certificate. The CN must contain sip:user@domain ## or alternate name with URI=sip:user@domain corresponding to the ## URI in the from header for the request to be accepted. Optionnaly, ## the property tls-client-certificate-required-subject may contain ## a regular expression for additional checks to execute on certificate ## subjects. ## * if no TLS client based authentication can be performed, or ## has failed, then a SIP digest authentication is performed. The ## password verification is made by querying a database or a password ## file on disk. ## [module::Authentication] # Indicate whether the module is activated. # Default: false enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # List of whitespace-separated IP addresses which will be judged # as trustful. Messages coming from these addresses won't be challenged. # Default: #trusted-hosts= # List of whitespace separated domains to challenge. Others are # automatically denied. The wildcard domain '*' is accepted, which # means that requests are challenged whatever the originating domain # is. This is convenient for a proxy serving multiple SIP domains. # # Default: localhost auth-domains=<%= @flexisip_domain %> # List of digest algorithms to use for password hashing. Think this # setting as filter applied after fetching the credentials of a # user from the user database. For example, if a user has its password # hashed by MD5 and SHA-256 but 'available-algorithms' only has # MD5, then only a MD5-based challenged will be submitted to the # UAC. # Furthermore, should a user have several hashed passwords and these # are present in the list, then a challenge header will be put in # the 401 response for each fetched password in the order given # by the list. # Supported algorithms are MD5 and SHA-256. # Default: MD5 #available-algorithms=MD5 # Disable the QOP authentication method. Default is to use it, use # this flag to disable it if needed. # Default: false #disable-qop-auth=false # Don't reply 403 when authentication fails. Instead, generate a # new 401 (or 407) response containing a new challenge. # Default: false #no-403=false # Expiration time before generating a new nonce. # Default: 3600 # Default unit: second #nonce-expires=3600 # The realm to use for digest authentication. It will used whatever # the domain of the From-URI. # If the value starts with 'regex:', then this parameter will have # the same effect than 'realm-regex', using all the remaining string # as regular expression. # WARNING: this parameter is exclusive with 'realm-regex' # # Examples: # realm=sip.example.org # realm=regex:sip:.*@sip\.(.*)\.com # # Default: #realm= # Extraction regex applied on the URI of the 'from' header (or P-Preferred-Identity # header if present) in order to extract the realm. The realm is # found out by getting the first slice of the URI that matches the # regular expression. If it has one or more capturing parentheses, # the content of the first one is used as realm. # If no regex is specified, then the realm will be the domain part # of the URI. # # For instance, given auth-domains=sip.example.com, you might use # 'sip:.*@sip\.(.*)\.com' in order to use 'example' as realm. # # WARNING: this parameter is exclusive with 'realm' # Default: #realm-regex= # If set to true, the module will simply reject with "403 forbidden" # any request coming from clients which have presented a bad TLS # certificate (regardless of reason: improper signature, unmatched # subjects). Otherwise, the module will fallback to a digest authentication. # This policy applies only for transports configured which have # 'required-peer-certificate=1' parameter; indeed no certificate # is requested to the client otherwise. # Default: false #reject-wrong-client-certificates=false # An optional regular expression used to accept or deny a request # basing on subject fields of the client certificate. The request # is allowed if one of the subjects matches the regular expression. # The list of subjects to check is built by extracting the following # fields, in order: # subjectAltNames.DNS, subjectAltNames.URI, subjectAltNames.IP # and CN # Default: #tls-client-certificate-required-subject= # Accept requests which the client certificate enables to trust # the domaine of its Request-URI. # Default: false #trust-domain-certificates=false # When receiving a proxy authenticate challenge, generate a new # challenge for this proxy. # Default: false #new-auth-on-407=false # Database backend implementation for digest authentication [soci,file]. # Default: file db-implementation=file # Duration of the validity of the credentials added to the cache. # Default: 1800 # Default unit: second #cache-expire=1800 # Path of the file in which user credentials are stored. # The file must start with 'version:1' as the first line, and then # contains lines in the form of: # user@domain clrtxt:clear-text-password md5:md5-password sha256:sha256-password # ; # For example: # bellesip@sip.linphone.org clrtxt:secret ; # bellesip@sip.linphone.org md5:97ffb1c6af18e5687bf26cdf35e45d30 # ; # bellesip@sip.linphone.org clrtxt:secret md5:97ffb1c6af18e5687bf26cdf35e45d30 # sha256:d7580069de562f5c7fd932cc986472669122da91a0f72f30ef1b20ad6e4f61a3 # ; # Default: file-path=/etc/flexisip/users.db.txt # Choose the type of backend that Soci will use for the connection. # Depending on your Soci package and the modules you installed, # this could be 'mysql', 'oracle', 'postgresql' or something else. # Default: mysql #soci-backend=mysql # The configuration parameters of the Soci backend. # The basic format is "key=value key2=value2". For a mysql backend, # this is a valid config: "db=mydb user=user password='pass' host=myhost.com". # Please refer to the Soci documentation of your backend, for intance: # http://soci.sourceforge.net/doc/release/4.0/backends/mysql/ # Default: db=mydb user=myuser password='mypass' host=myhost.com #soci-connection-string=db=mydb user=myuser password='mypass' host=myhost.com # Soci SQL request used to obtain the password of a given user. # Each keywords starting with ':' character will be replaced by # strings extracted from the SIP request to authenticate. # # Only these keywords are supported: - ':id' : the user found # in the from header (mandatory) # - ':domain' : the authorization realm # - ':authid' : the authorization username # # The request MUST returns a two-columns table, which columns are # defined as follow: # - 1st column: hashed password of the user or plain password if # the associated algorithm is CLRTXT. # - 2nd column: the algorithm used to hash the associated password. # Supported values: 'CLRTXT', 'MD5', 'SHA-256' # # Examples: # - the password and algorithm are both available in the database # select password, algorithm from accounts where login = :id and # domain = :domain # # - all the passwords from the database are MD5 # select password, 'MD5' from accounts where login = :id and domain # = :domain # Default: select password, 'MD5' from accounts where login = :id and domain = :domain #soci-password-request=select password, 'MD5' from accounts where login = :id and domain = :domain # Amount of queries that will be allowed to be queued before bailing # password requests. # This value should be chosen accordingly with 'soci-poolsize', # so that you have a coherent behavior. # This limit is here mainly as a safeguard against out-of-control # growth of the queue in the event of a flood or big delays in the # database backend. # Default: 1000 #soci-max-queue-size=1000 # Size of the pool of connections that Soci will use. A thread is # opened for each DB query, and this pool will allow each thread # to get a connection. # The threads are blocked until a connection is released back to # the pool, so increasing the pool size will allow more connections # to occur simultaneously. # On the other hand, you should not keep too many open connections # to your DB at the same time. # Default: 100 #soci-poolsize=100 ## ## This module redirect sip requests with a 302 move temporarily. ## [module::Redirect] # Indicate whether the module is activated. # Default: false #enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # A contact where to redirect requests. ex: ;expires=100 # Default: #contact= ## ## This module is in charge of routing 'reg' event SUBSCRIBE requests ## to the flexisip-regevent server. ## [module::RegEvent] # Indicate whether the module is activated. # Default: false #enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # A sip uri where to send all the reg-event related requests. # Default: sip:127.0.0.1:6065;transport=tcp #regevent-server=sip:127.0.0.1:6065;transport=tcp ## ## This module is in charge of intercepting requests and routing ## them to the back-to-back user agent server. ## Requests filtering is based on the "User-Agent" header value, ## thus 'b2bua-server/user-agent' values must match both on Proxy ## and B2BUA servers. ## [module::B2bua] # Indicate whether the module is activated. # Default: false #enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # A sip uri where to send all the relevant requests. # Default: sip:127.0.0.1:6067;transport=tcp #b2bua-server=sip:127.0.0.1:6067;transport=tcp ## ## This module transfers SIP presence messages, like subscribe/notify/publish ## to a presence server. ## [module::Presence] # Indicate whether the module is activated. # Default: false #enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: is_request && (request.method-name == 'PUBLISH' || request.method-name == 'NOTIFY' || request.method-name == 'SUBSCRIBE') #filter=is_request && (request.method-name == 'PUBLISH' || request.method-name == 'NOTIFY' || request.method-name == 'SUBSCRIBE') # A SIP URI where to send all presence related requests. # Default: sip:127.0.0.1:5065;transport=tcp #presence-server=sip:127.0.0.1:5065;transport=tcp # If true, only manage list subscription. # Default: false #only-list-subscription=false # When getting the list of users with phones, if this setting is # enabled, it will limit the results to the ones that have the same # domain. # Default: false #check-domain-in-presence-results=false ## ## The Registrar module handles REGISTER requests for domains it ## is in charge of. It stores the address of record (AOR) in order ## to allow routing requests intended to the client who registered. ## REGISTER requests for other domains are simply ignored and transferred ## to the next module. ## [module::Registrar] # Indicate whether the module is activated. # Default: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # List of whitespace separated domain names which the registar is # in charge of. It can eventually be the '*' (wildcard) in order # to match any domain name. # Default: localhost reg-domains=<%= @flexisip_domain %> # Register users based on response obtained from a back-end server. # This mode is for using flexisip as a front-end server to hold # client connections but registeracceptance is deferred to backend # server to which the REGISTER is routed. # Default: false #reg-on-response=false # Maximum number of registered contacts per address of record. # Default: 12 #max-contacts-by-aor=12 # Limits the number of authorized "Contact:" headers in a REGISTER # request. If the number of "Contact:" headers exceeds this limit, # the request is rejected. # Default: 12 #max-contacts-per-registration=12 # List of contact URI parameters that can be used to identify a # user's device. The contact parameters are searched in the order # of the list, the first matching parameter is used and the others # ignored. # Default: +sip.instance pn-tok line #unique-id-parameters=+sip.instance pn-tok line # When supported by the client, assign a pub-gruu address to the # client, returned in the response. # Default: true #enable-gruu=true # Maximum expiry value for a REGISTER. # Default: 86400 # Default unit: second #max-expires=86400 # Minimum expiry value for a REGISTER. # Default: 60 # Default unit: second #min-expires=60 # Default expiry value to be used if no value has been found in # the request headers or in 'Contact' header parameters. # Default: 10min # Default unit: millisecond #default-expires=10min # Set a value that will override expiry values indicated in a 'REGISTER' # request. A null or negative value disables this feature. If enabled, # 'max-expires', 'min-expires' and 'default-expires' will not have # any effect. # Default: 0 # Default unit: second #force-expires=0 # File containing the static records to add to database on startup. # Format: one 'sip_uri contact_header' by line. Example: # , # Default: #static-records-file= # Timeout after which the static records file is re-read and the # contacts updated. # Default: 600 # Default unit: second #static-records-timeout=600 # Implementation used for storing the contact URIs of each address # of record. Two backends are available: # - redis : contacts are stored in a Redis database, which allows # persistent and shared storage accross multiple Flexisip instances. # - internal : contacts are stored in RAM. Of course, if flexisip # is restarted, all the contact URIs are lost until clients update # their registration. # The redis backend is recommended, the internal being more adapted # to very small deployments. # Default: internal db-implementation=internal # Hostname or address of the Redis server. # Default: localhost #redis-server-domain=localhost # Port of the Redis server. # Default: 6379 #redis-server-port=6379 # ACL username used to authenticate on Redis. Empty to disable. # Setting this but not `redis-auth-password` is a misconfiguration, # and will be ignored. # Default: #redis-auth-user= # Authentication password for Redis. Empty to disable. If set but # `redis-auth-user` is left unset or empty, Flexisip will attempt # to register in legacy mode. # Default: #redis-auth-password= # When Redis is configured in master-slave, Flexisip will periodically # ask which Redis instances are the slaves and the master. This # is the period at which it will query the server. It will then # determine whether it is connected to the master, and if not, will # terminate the connection and migrate to the master. # Note: This requires that all Redis instances have the same password. # Otherwise authentication will fail. # Default: 60 # Default unit: second #redis-slave-check-period=60 # Tell if Flexisip should try to connect to Redis slaves if master # went down. Can be disabled if slaves hostname info are on private # network for example. # Default: true #redis-use-slaves-as-backup=true # The frequency of activation of the subscription session keep alive # mechanism. Flexisip will periodically ping Redis subscription # session. It will then determine whether it is connected, and if # not, will try to reconnect. # Default: 60 # Default unit: second #redis-subscription-keep-alive-check-period=60 # Sequence of proxies (space-separated) where requests will be redirected # through (RFC3608) # Default: #service-route= # Name of the custom Contact header parameter which is to indicate # the expire time for chat message delivery. # Default: message-expires #message-expires-param-name=message-expires # If not zero, the expire time put in the 200 OK response won't # be the one required by the user agent, but will be slightly modified # by subtracting a random value. The value given by this parameter # is the maximum percentage of the initial expire that can be subtracted. # If zero, no randomization is applied. Value must be in [0, 100]. # Default: 0 #register-expire-randomizer-max=0 ## ## The purpose of the StatisticsCollector module is to collect call ## statistics (RFC 6035) and store them on the server. ## [module::StatisticsCollector] # Indicate whether the module is activated. # Default: false #enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: is_request && request.method-name == 'PUBLISH' #filter=is_request && request.method-name == 'PUBLISH' # SIP URI of the statistics collector. Note that application/vq-rtcpxr # messages for this address will be deleted by this module and thus # not be delivered. # Default: #collector-address= ## ## The Router module routes requests for domains it manages. ## The routing algorithm is as follows: ## - first skip route headers that directly point to this proxy. ## - if a route header is found that doesn't point to this proxy, ## then the request is not processed by the Router module, and will ## be handled by the Forward module at the end of the processing ## chain. ## - examine the request-uri: if it is part of the domains managed ## by this proxy (according to Registrar module 'reg-domains' definition, ## then attempt to resolve the request-uri from the Registrar database. ## - the results from the registrar database, in the form of contact ## headers, are sorted by priority (q parameter), if any. ## - for each set of contact with equal priorities, the request ## is forked, and sent to their corresponding sip URI. After a timeout ## defined by property 'call-fork-current-branches-timeout', a next ## set of contact header is determined. ## - responses are received from all attempted branches, and sent ## back to the request originator, according to the procedure of ## RFC3261 16.7 Response processing. ## The router module offers different variations of the routing logic, ## depending on whether it is an INVITE, a MESSAGE, or another type ## of request. The processing of MESSAGE request essentially differs ## from others because it allows to keep the MESSAGE for a later ## delivery, in which case the incoming transaction will be terminated ## with a 202 Accepted response. ## [module::Router] # Indicate whether the module is activated. # Default: true #enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # Store and retrieve contacts without using the domain. # Default: false #use-global-domain=false # Fork invites to late registers. # Default: false #fork-late=false # All the forked have to decline in order to decline the caller # invite. # Default: false #fork-no-global-decline=false # Treat 603 Declined answers as urgent. Only relevant if fork-no-global-decline # is set to true. # Default: false #treat-decline-as-urgent=false # During a fork procedure, treat all failure response as urgent. # Default: false #treat-all-as-urgent=false # Maximum time for a call fork to try to reach a callee. # Default: 90 # Default unit: second #call-fork-timeout=90 # Maximum time before delivering urgent responses during a call # fork. The typical fork process requires to wait the best response # from all branches before transmitting it to the client. However # some error responses are retryable immediately (like 415 unsupported # media, 401, 407) thus it is painful for the client to need to # wait the end of the transaction time (32 seconds) for these error # codes. # Default: 5 # Default unit: second #call-fork-urgent-timeout=5 # Maximum time before trying the next set of lower priority contacts. # Default: 10 # Default unit: second #call-fork-current-branches-timeout=10 # Fork MESSAGE requests to client registering lately. # Default: true #message-fork-late=true # Maximum duration for delivering a MESSAGE request. This property # applies only if message-fork-late is 'true'; otherwise, the duration # can't exceed the normal transaction duration. # Default: 604800 # Default unit: second #message-delivery-timeout=604800 # Maximum duration for accepting a MESSAGE request if no response # is received from any recipients. This property is meaningful when # message-fork-late is set to true. # Default: 5 # Default unit: second #message-accept-timeout=5 # If 'true', the message that are waiting for delivery will be stored # in database instead of memory. # Default: false #message-database-enabled=false # Choose the type of backend that Soci will use for the connection. # Depending on your Soci package and the modules you installed, # the supported databases are:`mysql` (and `sqlite3` soon) # Default: mysql #message-database-backend=mysql # The configuration parameters of the backend. The basic format # is "key=value key2=value2". For a mysql backend, this is a valid # config: "db=mydb user=user password='pass' host=myhost.com". Please # refer to the Soci documentation of your backend, for instance: # http://soci.sourceforge.net/doc/master/backends/#supported-backends-and-features # Default: db='mydb' user='myuser' password='mypass' host='myhost.com' #message-database-connection-string=db='mydb' user='myuser' password='mypass' host='myhost.com' # Size of the pool of connections that Soci will use for accessing # the message database. # Default: 100 #message-database-pool-size=100 # Default route to apply when the recipient is unreachable or when # when all attempted destination have failed.It is given as a SIP # URI, for example: sip:example.org;transport=tcp (without surrounding # brackets) # Default: #fallback-route= # During a call forking, allow several INVITEs going to the same # next hop to be grouped into a single one. A proprietary custom # header 'X-target-uris' is added to the INVITE to indicate the # final targets of the INVITE. # Default: false #allow-target-factorization=false # Whether the proxy is allowed to generate and send provisional # responses during a call forking process. A typical example for # this is the '110 Push sent' emitted by the proxy when at least # one push notification has been sent to a target UA while routing # an INVITE. Some old versions of Linphone (below linphone-sdk 4.2) # suffer from an issue when receiving such kind of provisional responses # that don't come from a remote client. This setting is mainly intended # to temporarily workaround this situation. # Default: true #permit-self-generated-provisional-response=true # Whether or not to resolve next hop in route header against registrar # database. This is an extension to RFC3261, and should not be used # unless in some specific deployment cases. A next hope in route # header is otherwise resolved through standard DNS procedure by # the Forward module. # Default: false #resolve-routes=false # Whether or not to fallback to the parent domain if there is no # fallback route set and the recipient is unreachable. For example, # if routing to sip:bob@a.b.com returns no result, route the request # to b.com. This is also a non-standard behavior. # Default: false #parent-domain-fallback=false # Only use the fallback route if the expression is true. # Default: true #fallback-route-filter=true # Max time the proxy will retain a request in order to maintain # order. # Default: 30 # Default unit: second #max-request-retention-time=30 # List of sip addresses that are always added to the list of contacts # fetched from the registrar database when routing INVITE and MESSAGE # requests. # Default: #static-targets= ## ## The PushNotification module sends push notifications to mobile ## phone notification systems: apple, firebase (android), as well ## as generic HTTP GET/POST APIs (custom server to which actual sending ## of the notification is delegated). Push notifications are sent ## when an INVITE or MESSAGE request is not answered by thedestination ## of the request within a certain period of time (configurable hereunder ## by 'timeout' parameter). This module has an implicit dependency ## on the Router module, which is in charge of creating the incoming ## and outgoing transactions as well as the context associated with ## the request forking process. No push notification can be sent ## if the Router module is not enabled. The time-to-live (ttl) of ## the push notification depends on the type of event for which the ## push notification is sent: ## - If it is for a call (INVITE), ttl will be set equal to 'module::Router/call-fork-timeout', ## which corresponds to the maximum time for a call attempt. ## - If it is for an IM (MESSAGE or INVITE for a text session), ## ttl will be set equal to 'message-time-to-live'. ## [module::PushNotification] # Indicate whether the module is activated. # Default: false #enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # Time to wait before sending a push notification to a device. # A negative or zero value will cause the push notification to be # sent immediately. This behavior is recommended as mobile devices # do not have a permanent connection with Flexisip most of the time. # Default: 0 # Default unit: second #timeout=0 # Time to live for the push notifications related to IM messages. # The default value zero is interpreted as using the same value # as for 'module::Router/message-delivery-timeout'. # Default: 0 # Default unit: second #message-time-to-live=0 # Maximum number of push notifications queued for each push notification # service. # Default: 100 #max-queue-size=100 # Number of push notification request retransmissions sent to a # client for a same event (call or message). # Retransmissions cease when a response is received from the client. # The value zero disables retransmissions. # Default: 0 #retransmission-count=0 # Retransmission interval for push notification requests, when a # 'retransmission-count' has been specified above. # Default: 5 # Default unit: second #retransmission-interval=5 # Default interval between two subsequent push notifications when # remote push notifications are used to notify a call invitation # to a client that has not published any token for VoIP and background # push notifications. # In that case, several push notifications are sent subsequently # until the call is picked up, declined or canceled. This parameter # can be overridden by the client by using the 'pn-call-remote-push-interval' # push parameter. # A value of zero deactivates push notification repetitions and # the sending of the final notification. Thus, only the first push # notification will be sent. The value must be in [0;30]. # Default: 0 # Default unit: second #call-remote-push-interval=0 # If true, the following key in the payload of the push request # will be set: # * 'from-uri': the SIP URI of the caller or the message sender. # * 'display-name': the display name of the caller or the message # sender. # * 'loc-args': the display name if not empty or the SIP URI instead. # # If false, the keys will be set empty. # Default: false #display-from-uri=false # Enable push notification for Apple devices. # Default: true #apple=true # Path to directory where Apple Push Notification service certificates # are located. # The file names MUST bear the appid of the application, suffixed # by the release mode and '.pem' extension. Examples: org.linphone.dev.pem, # org.linphone.prod.pem, com.somephone.dev.pem, etc... The files # MUST be '.pem' format, and made of certificates followed by the # private key. # This directory may also contain Voice Over IP certificates (certificates # to use PushKit). They MUST bear the appid of the application, # suffixed by the release mode and '.pem' extension, and made of # certificate followed by the private key. Examples: org.linphone.voip.dev.pem, # org.linphone.voip.prod.pem, com.somephone.voip.dev.pem, etc... # Default: /etc/flexisip/apn #apple-certificate-dir=/etc/flexisip/apn # Set the badge value to 0 for Apple push notifications. # Default: false #no-badge=false # Enable push notification for Android devices. # Default: true #firebase=true # List of pairs of : for each Android project that supports # push notifications. # Default: #firebase-projects-api-keys= # List of pairs of : for each Android project that supports push notifications. # Default: #firebase-service-accounts= # Time to execute the access token refresh operation just before # the current access token expires. This parameter is used to control # overlapping access token lifetimes. # Default: 300 # Default unit: second #firebase-token-expiration-anticipation-time=300 # Default interval to execute the access token refresh operation # in the event that the access token has not been successfully obtained. # Default: 60 # Default unit: second #firebase-default-refresh-interval=60 # Allows you to route push notification requests through a designated # server instead of directly communicating with Apple and Google # servers. # Using this setup, the server sends an HTTP request to the specified # server, embedding all required information within the URL. Various # placeholders can be used within the HTTP request URI: # # - $type: Type of push notification, distinguishing between Apple # ('apple') and Android ('firebase') notifications. # - $token: Value of the 'pn-prid' push parameter. For Apple devices, # 'pn-prid' may contain multiple tokens depending on the notification # type ('remote' or 'voip'). In such cases, $token is replaced by # the relevant token matching the notification type. # - $api-key: Deprecated placeholder for the Firebase API key. # It is advised that the designated server manages the authentication # credentials. # - $app-id: Application identifier. On Android, it matches the # value of 'pn-param'. On Apple, it matches the string between the # first and last dot ('.') of 'pn-param'. For example, if 'pn-param' # is 'ABCD1234.org.my-app.remote&voip', $app-id becomes 'org.my-app'. # - $from-name: Display name in the 'From' header of the triggering # request for the push notification. Replaced by an empty string # if 'display-from-uri' is false. # - $from-uri: SIP URI in the 'From' header of the triggering request. # Replaced by an empty string if 'display-from-uri' is false. # - $from-tag: Tag of the 'From' header in the triggering request. # - $to-uri: SIP URI in the 'To' header. # - $call-id: Call-ID of the INVITE or MESSAGE request. # - $event: Type of event that triggered the push notification # ('call' for call invites, 'message' for message delivery or chatroom # invitation). # - $sound: For iOS only, if $event is 'call', it is the value # of 'pn-call-snd' contact parameter; otherwise, it represents 'pn-msg-snd'. # This allows customization of the push notification sound. If 'pn-call-snd' # or 'pn-msg-snd' contact parameters were not set during user agent # registration, the placeholder is replaced with 'empty'. # - $msgid: For iOS only, replaced by respective contact parameter # values ('pn-call-str', 'pn-msg-str', or 'pn-groupchat-str') if # the triggering SIP message is a call invite, pending message, # or groupchat invitation. If these parameters were not set during # user agent registration, placeholders are replaced by 'IC_MSG', # 'IM_MSG', or 'IG_MSG'. This allows customization of the push notification # title. # - $uid: UUID present in the '+sip.instance' parameter value when # the recipient of the push notification registered to the registrar. # # Additionally, the text message content is included in the HTTP # request body as text/plain if available. Example: http://292.168.0.2/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri # Default: #external-push-uri= # Method for reaching external-push-uri (typically GET or POST). # Default: GET #external-push-method=GET # Protocol used for reaching external-push-uri ('http2' or 'http' # (deprecated)). # Default: http2 #external-push-protocol=http2 # Send service push notification periodically to all devices that # are about to expire and should wake up to REGISTER back. The zero # value disables this feature. Recommended value: 30 # Default: 0 # Default unit: minute #register-wakeup-interval=0 # Start sending wake-up push notifications to contacts when they # pass the provided percentage of their lifetime. The value MUST # be in [0;100] # Default: 50 #register-wakeup-threshold=50 ## ## The MediaRelay module masquerades SDP message so that all RTP ## and RTCP streams go through the proxy. When the client has set ## ICE candidates in the SDP offer, then the MediaRelay module will ## automatically add ICE relay candidates. The RTP and RTCP streams ## are then routed so that each client receives the stream of the ## other. MediaRelay makes sure that RTP is ALWAYS established, even ## with uncooperative firewalls. ## [module::MediaRelay] # Indicate whether the module is activated. # Default: true #enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # The name of the SDP attribute to set by the first proxy to forbid # subsequent proxies to provide relay. Use 'disable' to disable. # Default: nortpproxy #nortpproxy=nortpproxy # The minimal value of SDP port range # Default: 1024 sdp-port-range-min=<%= @flexisip_sdp_port_range_min %> # The maximal value of SDP port range # Default: 65535 sdp-port-range-max=<%= @flexisip_sdp_port_range_max %> # Sends a ACK and BYE to 200Ok for INVITEs not belonging to any # established call. This is to solve the race condition that happens # when two callees answer the same call at the same time. According # to RFC3261, the caller is expected to send an ACK followed by # a BYE to the loser callee. This is not the case in RFC2543, where # the proxy was supposed to do this. When set to true, the MediaRelay # module will implement the RFC2543 behavior. Note that it may sound # inappropriate to bundle this property with the media relay feature. # However the MediaRelay module is the only one in Flexisip that # has the visibility of SIP dialogs, which is necessary to implement # this feature. # Default: false #bye-orphan-dialogs=false # Maximum concurrent calls processed by the media-relay. Calls arriving # when the limit is exceed will be rejected. A value of 0 means # no limit. # Default: 0 #max-calls=0 # When true, the 'c=' line and port number are set to the relay # ip/port even if ICE candidates are present in the request, while # the standard behavior is to leave the c= line and port number # as they are in the original offer sent by the client. This variation # allows callees that do not support ICE at all to benefit from # the media relay service. # Default: true #force-relay-for-non-ice-targets=true # Prevent media-relay ports to loop between them, which can cause # 100% cpu on the media relay thread. You need to set this property # to false if you are running test calls from clients running on # the same IP address as the flexisip server # Default: true #prevent-loops=true # In case multiples '183 Early media' responses are received for # a call, only the first one will have RTP streams forwarded back # to caller. This feature prevents the caller to receive 'mixed' # streams, but it breaks scenarios where multiple servers play early # media announcement in sequence. # Default: true #early-media-relay-single=true # Maximum number of relayed early media streams per call. This is # useful to limit the cpu usage due to early media relaying on embedded # systems. A value of 0 stands for unlimited. # Default: 0 #max-early-media-per-call=0 # Period of time after which a relayed call without any activity # is considered as no longer running. Activity counts RTP/RTCP packets # exchanged through the relay and SIP messages. # Default: 3600 # Default unit: second #inactivity-period=3600 # Force the media relay to use the public address of Flexisip to # relay calls. It not enabled, Flexisip will deduce a suitable IP # address by basing on data from SIP messages, which could fail # in tricky situations e.g. when Flexisip is behind a TCP proxy. # Default: false #force-public-ip-for-sdp-masquerading=false ## ## The purpose of the Transcoder module is to transparently transcode ## from one audio codec to another to make the communication possible ## between clients that do not share the same set of supported codecs. ## Concretely, it adds all missing codecs into the INVITEs it receives, ## and adds codecs matching the original INVITE into the 200Ok. Rtp ## ports and addresses are masqueraded so that the streams can be ## processed by the proxy. The transcoding job is done in the background ## by the Mediastreamer2 library, as consequence the set of supported ## codecs is exactly the the same as the codec set supported by Mediastreamer2, ## including the possible plugins you may installed to extend Mediastreamer2. ## ## WARNING: this module can conflict with the MediaRelay module as ## they are both changing the SDP. Make sure to configure them with ## different to-domains or from-domains filter if you want to enable ## both of them. ## [module::Transcoder] # Indicate whether the module is activated. # Default: false #enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # Nominal size of RTP jitter buffer. A value of 0 means no jitter # buffer (packet processing). # Default: 0 # Default unit: millisecond #jb-nom-size=0 # Whitespace separated list of user-agent strings for which audio # rate control is performed. # Default: #rc-user-agents= # Whitespace seprated list of audio codecs, in order of preference. # The 'telephone-event' codec is necessary for inband DTMF processing. # Default: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 telephone-event/8000 #audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 telephone-event/8000 # Remove the bandwidth limitations from SDP offers and answers # Default: false #remove-bw-limits=false # If true, retransmissions of INVITEs will be blocked. The purpose # of this option is to limit bandwidth usage and server load on # reliable networks. # Default: false #block-retransmissions=false ## ## This module executes the basic routing task of SIP requests and ## pass them to the transport layer. It must always be enabled. ## [module::Forward] # Indicate whether the module is activated. # Default: true #enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2'). You can consult the full filter # documentation here : https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # Default: #filter= # A path to a configuration file describing routes to be prepended # before forwarding a request, when specific conditions for the # SIP request being forwarded are met. The condition is described # using flexisip's filter syntax, as described on # https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/ # The configuration file comprises lines using the following syntax: # # Comments are allowed with '#'. # Conditions can spread over multiples lines provided that the continuation # line starts with either spaces or tabs. # The special condition '*' matches every request. # The conditions are matched in the order they appear in the configuration # file. The first fulfilled condition determines the route that # is prepended.If the request does not match any condition, no route # is prepended. # The file may be empty, or no path may be specified, in which case # no route is preprended either. Here is a an example of a valid # routes configuration file: # request.uri.domain == 'example.org' # request.uri.params contains # 'user=phone' # # Beware: that is not just a SIP URI, but a route. As a result, # when the URI has parameters, brackets must enclose the URI, otherwise # the parameters will be parsed as route parameters. # Default: #routes-config-path= # Add a path header of this proxy # Default: true #add-path=true # For SIP URIs, in asbsence of transport parameter, assume the given # transport is to be used. Possible values are udp, tcp or tls. # Default: udp #default-transport=udp # List of URL and contact params to remove # Default: pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout pn-silent pn-provider pn-prid pn-param #params-to-remove=pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout pn-silent pn-provider pn-prid pn-param ## ## Inter domain connections is a set of feature allowing to dynamically ## connect several Flexisip servers together in order to manage SIP ## routing at local and global scope. Let's suppose you have two ## SIP network a.example.net and b.example.net run privately and ## independently (no one from a.example.net needs to call someone ## at b.example.net). However, when people from a and b are outside ## of their network, they register to a worldwide available Flexisip ## instance running on 'global.example.net'. It is then possible ## to: ## * have calls made within a.example.net routed locally and sent ## to global.example.net in order to reach users inside and outside ## of a's network. Example: 1@a.example.net calls 2@a.example.net. ## If 2 is registered on a.example.net then the call is routed locally. ## On the contrary if 2 is absent and registered, the call is then ## sent to global.example.net and then routed by the global proxy. ## * when global.example.net receives a call from a user not within ## its native network (ex: 1@a.example.net calls 2@a.example.net), ## it can route this call to the proxy that is responsible for managing ## the local domain (a.example.net). ## ## This system is dynamic: the physical IP address of a and b network ## can change (dynamic ip address allocation) ## .This scenario is achieved with two key features: ## * a.example.net sends a REGISTER to global.example.net to indicate ## that it is the responsible for the entire domain a.example.net. ## The global.example.net authenticates this REGISTER thanks to TLS ## client certificate presented by a.example.net. ## * global.example.net is configured to accept this domain registration ## and route all calls it receives directly and destinated to a.example.net ## domain through the connection established by a.example.net during ## the domain registration. ## [inter-domain-connections] # Whether Flexisip shall accept registrations for entire domains # Default: false #accept-domain-registrations=false # Whether Flexisip shall assume that there is a unique server per # registered domain, which allows to clean old registrations and # simplifies the routing logic. # Default: false #assume-unique-domains=false # Path to a text file describing the domain registrations to make. # This file must contains lines like: # [password]> # where: # is a domain name managed locally by this # proxy # is the SIP URI where the domain # registration will be sent. The special uri parameter 'tls-certificates-dir' # is understood in order to specify a TLS client certificate to # present to the remote proxy. # [password] is the password to use if the remote proxy/registrar # requests a digest authentication. It is optional. # If the file is absent or empty, no registrations are done.An # example of such line is: # belledonne.linphone.org # gghhiioozz # Default: /etc/flexisip/domain-registrations.conf #domain-registrations=/etc/flexisip/domain-registrations.conf # When submitting a domain registration to a server over TLS, verify # the certificate presented by the server. Disabling this option # is only for test, because it is a security flaw # Default: true #verify-server-certs=true # Interval for sending \r\n\r\n keepalives through the outgoing # domain registration connection.A value of zero disables keepalives. # Default: 30 # Default unit: second #keepalive-interval=30 # Delay after which TCP/TLS connections will be considered as broken # if no CRLF pong has been received from the registrar. A delay # of 0 means that no pong is expected after ping. The registrar # must advertise the 'outbound' option tag in a Supported header # for this detection to be active. # Warning: This parameter must be strictly lower than “keepalive-interval”. # Default: 0 # Default unit: second #ping-pong-timeout-delay=0 # Delay before creating a new connection after connection is known # as broken. Set '0' in order the connection be recreated immediately. # Default: 5 # Default unit: second #reconnection-delay=5 # Whether Flexisip shall only send a domain registration when a # device is registered # Default: false #reg-when-needed=false # Route received REGISTER request to the server in charge of the # domain, according to accepted domain registrations. This option # is intended to be used with 'reg-on-response' mode of Registrar # module, and 'accept-domain-registrations' enabled too.The 'reg-on-response' # mode typically allows Flexisip to forward an incoming REGISTER # to an upstream server, and record the client's contact address # upon receiving the 200 Ok response from the upstream server. When # 'relay-reg-to-domains' is enabled, the routing to the upstream # server is performed according to the domain registrations received # previously by flexisip, instead of usual DNS-based procedures. # Default: false #relay-reg-to-domains=false # regex to match domain names (host part of URL) for which the register # requests should be routed to the upstream server.This option is # intended to be used with 'relay-reg-to-domains' mode enabled. # Default: #relay-reg-to-domains-regex=