/[resiprocate]/main/repro/repro.config
ViewVC logotype

Annotation of /main/repro/repro.config

Parent Directory Parent Directory | Revision Log Revision Log


Revision 11220 - (hide annotations) (download)
Sat Aug 30 14:15:39 2014 UTC (5 years, 3 months ago) by dpocock
File MIME type: text/plain
File size: 39697 byte(s)
repro: Logging: configuring Syslog facility
1 sgodin 9286 ########################################################
2     # repro configuration file
3     ########################################################
4    
5    
6     ########################################################
7     # Log settings
8     ########################################################
9    
10     # Logging Type: syslog|cerr|cout|file
11 sgodin 9633 # Note: Logging to cout can negatively effect performance.
12 sgodin 11151 # When repro is placed into production 'file' or
13 sgodin 9633 # 'syslog' should be used.
14     LoggingType = cout
15 sgodin 9286
16 dpocock 11220 # For syslog, also specify the facility, default is LOG_DAEMON
17     SyslogFacility = LOG_DAEMON
18    
19 sgodin 9286 # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
20     LogLevel = INFO
21    
22     # Log Filename
23     LogFilename = repro.log
24    
25     # Log file Max Bytes
26     LogFileMaxBytes = 5242880
27    
28 dpocock 10008 # Instance name to be shown in logs, very useful when multiple instances
29     # logging to syslog concurrently
30     # If unspecified, defaults to argv[0] (name of the executable)
31 dpocock 10709 #LoggingInstanceName = repro-dev
32 sgodin 9286
33 sgodin 11151 # Enable INFO level SIP Message Logging - outputs all SIP messages
34     # sent and/or received to log file in an easy to read format
35     EnableSipMessageLogging = false
36    
37 sgodin 9286 ########################################################
38     # Transport settings
39     ########################################################
40    
41 Dpocock 10700 # Set an upper limit on the maximum size of a SIP message payload
42     # that the stack will accept. If a payload received over a
43     # connection-oriented transport exceeds this size, the
44     # connection will be dropped.
45 Dpocock 10702 # This applies to TCP, TLS and WebSocket transports.
46     # UDP payload sizes are limited by the maximum datagram size
47     # and any fragmentation constraints.
48     #StreamMessageSizeLimit = 65536
49 Dpocock 10700
50 sgodin 9286 # Local IP Address to bind SIP transports to. If left blank
51     # repro will bind to all adapters.
52     #IPAddress = 192.168.1.106
53     #IPAddress = 2001:5c0:1000:a::6d
54     IPAddress =
55    
56     # Local port to listen on for SIP messages over UDP - 0 to disable
57     UDPPort = 5060
58    
59     # Local port to listen on for SIP messages over TCP - 0 to disable
60     TCPPort = 5060
61    
62     # Local port to listen on for SIP messages over TLS - 0 to disable
63 sgodin 9802 TLSPort = 0
64 sgodin 9286
65 dpocock 10094 # Local port to listen on for SIP messages over WS (WebSocket) - 0 to disable
66 dpocock 10102 WSPort = 0
67 dpocock 10094
68     # Local port to listen on for SIP messages over WSS (WebSocket TLS) - 0 to disable
69 dpocock 10102 WSSPort = 0
70 dpocock 10094
71 sgodin 9286 # Local port to listen on for SIP messages over DTLS - 0 to disable
72     DTLSPort = 0
73    
74     # TLS domain name for this server (note: domain cert for this domain must be present)
75     TLSDomainName =
76    
77 dpocock 10470 # PEM-encoded X.509 certificate for TLS
78     # Must contain any intermediate certificates from the CA
79     # The TLSCertificate and TLSPrivateKey parameters are optional. The stack
80     # will also try to automatically detect any suitable certificates
81     # in the directory specified by CertificatePath
82     TLSCertificate =
83    
84     # PEM-encoded private key for TLS
85     TLSPrivateKey =
86    
87 sgodin 11146 # Private key pass phrase if private keys are encrypted with a password
88     TLSPrivateKeyPassPhrase =
89    
90 dpocock 9622 # Whether or not we ask for (Optional) or expect (Mandatory) TLS
91     # clients to present a client certificate
92     # Possible values:
93     # None: client can connect without any cert, if a cert is sent, it is not checked
94     # Optional: client can connect without any cert, if a cert is sent, it must be acceptable to us
95     # Mandatory: client can not connect without any cert, cert must be acceptable to us
96     # How we decide if a cert is acceptable: it must meet two criteria:
97     # 1. it must be signed by a CA that we trust (see CADirectory)
98     # 2. the domain or full sip: URI in the cert must match the From: URI of all
99     # SIP messages coming from the peer
100     TLSClientVerification = None
101    
102     # Whether we accept the subjectAltName email address as if it was a SIP
103     # address (when checking the validity of a client certificate)
104     # Very few commercial CAs offer support for SIP addresses in subjectAltName
105     # For many purposes, an email address subjectAltName may be considered
106     # equivalent within a specific domain.
107     # Currently, this accepts such certs globally (for any incoming connection),
108     # not just for connections from the local users.
109     TLSUseEmailAsSIP = false
110    
111 sgodin 9286 # Alternate and more flexible method to specify transports to bind to. If specified here
112     # then IPAddress, and port settings above are ignored.
113     # Transports MUST be numbered in sequential order, starting from 1. Possible settings are:
114 sgodin 10009 # Transport<Num>Interface = <IPAddress>:<Port> - Note: For IPv6 addresses last colon separates
115     # IP Address and Port - square bracket notation
116     # is not used.
117 Dpocock 10103 # Transport<Num>Type = <'TCP'|'UDP'|'TLS'|'DTLS'|'WS'|'WSS'> - default is UDP if missing
118     # Transport<Num>TlsDomain = <TLSDomain> - only required if transport is TLS, DTLS or WSS
119 dpocock 10470 # Transport<Num>TlsCertificate = <TLSCertificate> - only for TLS, DTLS or WSS
120     # Transport<Num>TlsPrivateKey = <TLSPrivateKey> - only for TLS, DTLS or WSS
121 sgodin 11146 # Transport<Num>TlsPrivatePassPhrase = <TLSPrivateKeyPassPhrase> - only for TLS, DTLS or WSS
122     # when private key has passwd
123 dpocock 9622 # Transport<Num>TlsClientVerification = <'None'|'Optional'|'Mandatory'> - default is None
124 sgodin 9286 # Transport<Num>RecordRouteUri = <'auto'|URI> - if set to auto then record route URI
125     # is automatically generated from the other
126     # transport settings. Otherwise explicity
127     # enter the full URI you want repro to use.
128     # Do not specify 'auto' if you specified
129     # the IPAddress as INADDR_ANY (0.0.0.0).
130     # If nothing is specified then repro will
131     # use the global RecordRouteUri setting.
132     #
133     # Transport<Num>RcvBufLen = <SocketReceiveBufferSize> - currently only applies to UDP transports,
134     # leave empty to use OS default
135     # Example:
136     # Transport1Interface = 192.168.1.106:5060
137     # Transport1Type = TCP
138     # Transport1RecordRouteUri = auto
139     #
140     # Transport2Interface = 192.168.1.106:5060
141     # Transport2Type = UDP
142     # Transport2RecordRouteUri = auto
143     # Transport2RcvBufLen = 10000
144     #
145     # Transport3Interface = 192.168.1.106:5061
146     # Transport3Type = TLS
147 dpocock 9622 # Transport3TlsDomain = sipdomain.com
148 dpocock 10470 # Transport3TlsCertificate = /etc/ssl/crt/sipdomain.com.crt
149     # Transport3TlsPrivateKey = /etc/ssl/private/sipdomain.com.key
150 sgodin 11146 # Transport3TlsPrivateKeyPassPhrase = password
151 dpocock 9622 # Transport3TlsClientVerification = Mandatory
152 sgodin 9286 # Transport3RecordRouteUri = sip:h1.sipdomain.com;transport=TLS
153 sgodin 10009 #
154     # Transport4Interface = 2666:f0d0:1008:88::4:5060
155     # Transport4Type = UDP
156     # Transport4RecordRouteUri = auto
157 sgodin 9286
158 Dpocock 10103 # Transport5Interface = 192.168.1.106:5062
159     # Transport5Type = WS
160     # Transport5RecordRouteUri = auto
161    
162     # Transport6Interface = 192.168.1.106:5063
163     # Transport6Type = WSS
164     # Transport6TlsDomain = sipdomain.com
165     # Transport6TlsClientVerification = None
166     # Transport6RecordRouteUri = sip:h1.sipdomain.com;transport=WS
167    
168 sgodin 9633 # Comma separated list of DNS servers, overrides default OS detected list (leave blank
169     # for default)
170 sgodin 9286 DNSServers =
171    
172     # Enable IPv6
173 Dpocock 10291 EnableIPv6 = true
174 sgodin 9286
175     # Enable IPv4
176     DisableIPv4 = false
177    
178 dpocock 10270 # Comma separated list of IP addresses used for binding the HTTP configuration interface
179     # and/or certificate server. If left blank it will bind to all adapters.
180     HttpBindAddress =
181    
182 sgodin 9633 # Port on which to run the HTTP configuration interface and/or certificate server
183     # 0 to disable (default: 5080)
184 sgodin 9286 HttpPort = 5080
185    
186     # disable HTTP challenges for web based configuration GUI
187     DisableHttpAuth = false
188    
189 Dpocock 10899 # Realm to use for HTTP admin interface digest authentication
190     HttpAdminRealm = repro
191 sgodin 9286
192 Dpocock 10899 # File containing user/password details
193 Dpocock 10914 #
194     # The format is:
195     #
196     # username:realm:HA1
197     #
198     # where
199     #
200     # user = admin
201     # realm = the value from HttpAdminRealm
202     # HA1 = `echo -n user:realm:password | md5sum`
203     #
204     # You can use the htdigest utility from Apache to create and
205     # manage this file
206     #
207 Dpocock 10899 HttpAdminUserFile = users.txt
208    
209 dpocock 10270 # Comma separated list of IP addresses used for binding the Command Server listeners.
210     # If left blank it will bind to all adapters.
211     CommandBindAddress =
212    
213 sgodin 9633 # Port on which to listen for and send XML RPC messaging used in command processing
214     # 0 to disable (default: 5081)
215 sgodin 9392 CommandPort = 5081
216 sgodin 9286
217 sgodin 9633 # Port on which to listen for and send XML RPC messaging used in registration sync
218     # process - 0 to disable (default: 0)
219 sgodin 9392 RegSyncPort = 0
220    
221 sgodin 9633 # Hostname/ip address of another instance of repro to synchronize registrations with
222     # (note xmlrpcport must also be specified)
223 sgodin 9286 RegSyncPeer =
224    
225 Dpocock 10793 # Non-outbound connections over this age (expressed in seconds) are
226     # considered eligible for garbage collection.
227     # If not set but FlowTimer is set, then this value defaults to 7200 seconds
228     # Otherwise, there is no garbage collection at all unless an error occurs
229     # when making an outgoing connection.
230     #TCPConnectionGCAge =
231 sgodin 9286
232 Dpocock 10795 # File descriptor headroom threshold for emergency garbage collection
233     # If the difference between the number of permitted FDs
234     # (reported by periodic calls to getrlimit()) and the number
235     # of active stream connections falls below this threshold,
236     # the garbage collector will overlook TCPConnectionGCAge and
237     # FlowTimer settings and more aggressively close connections
238     # By default, this feature is not enabled
239     # Remember that the value must be high enough to allow file descriptors
240     # for each shared library that is open, each database connection,
241     # each listening socket and any sockets/files accessed by plugins
242     #TCPMinimumGCHeadroom =
243    
244 sgodin 9286 ########################################################
245     # Misc settings
246     ########################################################
247    
248 dpocock 10723 # Directory where plugins are located
249     # The default is determined at build time depending upon the
250     # target environment and the installation prefix passed to
251     # the configure script
252 Dpocock 10929 #PluginDirectory = /usr/lib/repro/plugins
253 dpocock 10723
254     # List of plugins to load (comma-separated list)
255     # These are the names of the plugins and not the full filenames
256     # Order is important: the plugins will always be loaded and
257     # initialized in the order specified here
258     # Plugins are not supported on all platforms and plugin support is an
259     # optional feature that must be enabled at compile time.
260     #
261     # For example, to load the plugin named "example", which is in libexample.so:
262     #LoadPlugins = example
263    
264 dpocock 10022 # Drop privileges and run as some other user and group
265     # If RunAsUser is specified and RunAsGroup is not specified,
266     # then setgid will be invoked using the default group for
267     # the specified user
268     # If neither option is specified, then no attempt will be made
269     # to call setuid/setgid (there is no default value)
270     #RunAsUser = repro
271     #RunAsGroup = repro
272    
273 sgodin 9633 # Must be true or false, default = false, not supported on Windows
274     Daemonize = false
275    
276     # On UNIX it is normal to create a PID file
277     # if unspecified, no attempt will be made to create a PID file
278     #PidFile = /var/run/repro/repro.pid
279    
280 dpocock 10471 # Path to load certificates from (optional, there is no default)
281     # Note that repro loads ALL root certificates found by any of the settings
282     #
283     # CertificatePath
284     # CADirectory
285     # CAFile
286     #
287     # Setting one option does not disable the other options.
288     #
289 dpocock 9613 # Certificates in this location have to match one of the filename
290     # patterns expected by the legacy reSIProcate SSL code:
291 dpocock 10471 #
292 dpocock 9612 # domain_cert_NAME.pem, root_cert_NAME.pem, ...
293 dpocock 10471 #
294     # For domain certificates, it is recommended to use the options
295     # for individual transports, such as TransportXTlsCertificate and
296     # TransportXTlsPrivateKey and not set CertificatePath at all.
297     #
298 sgodin 9286 CertificatePath =
299    
300 dpocock 9612 # Path to load root certificates from
301     # Iff this directory is specified, all files in the directory
302     # will be loaded as root certificates, prefixes and suffixes are
303     # not considered
304 dpocock 9613 # Note that repro loads ALL root certificates found by the settings
305     # CertificatePath, CADirectory and CAFile. Setting one option does
306     # not disable the other options.
307 dpocock 9612 # On Debian, the typical location is /etc/ssl/certs
308     #CADirectory = /etc/ssl/certs
309    
310 dpocock 9613 # Specify a single file containing one or more root certificates
311     # and possible chain/intermediate certificates to be loaded
312     # Iff this filename is specified, the certificates in the file will
313 dpocock 9612 # be loaded as root certificates
314 dpocock 9613 #
315     # This does NOT currently support bundles of unrelated root certificates
316     # stored in the same PEM file, it ONLY supports related/chained root
317     # certificates. If multiple roots must be supported, use the CADirectory
318     # option.
319     #
320     # In the future, this behavior may change to load a bundle,
321     # such as /etc/ssl/certs/ca-certificates.txt on Debian and
322     # /etc/pki/tls/cert.pem on Red Hat/CentOS
323     #
324     # Note that repro loads ALL root certificates found by the settings
325     # CertificatePath, CADirectory and CAFile. Setting one option does
326     # not disable the other options.
327     #
328     # This example loads just the CACert.org chain, which typically
329     # includes the class 1 root and the class 3 root (signed by the class 1 root)
330     #CAFile = /etc/ssl/certs/cacert.org.pem
331 dpocock 9612
332 sgodin 9286 # The Path to read and write Berkely DB database files
333     DatabasePath = ./
334    
335 sgodin 9740 # The hostname running MySQL server to connect to, leave blank to use BerkelyDB.
336 sgodin 9407 # The value of host may be either a host name or an IP address. If host is "localhost",
337     # a connection to the local host is assumed. For Windows, the client connects using a
338     # shared-memory connection, if the server has shared-memory connections enabled. Otherwise,
339     # TCP/IP is used. For Unix, the client connects using a Unix socket file. For a host value of
340     # "." on Windows, the client connects using a named pipe, if the server has named-pipe
341     # connections enabled. If named-pipe connections are not enabled, an error occurs.
342     # WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
343 sgodin 9286 MySQLServer =
344    
345 sgodin 9407 # The MySQL login ID to use when connecting to the MySQL Server. If user is empty string "",
346     # the current user is assumed. Under Unix, this is the current login name. Under Windows,
347     # the current user name must be specified explicitly.
348     MySQLUser = root
349    
350     # The password for the MySQL login ID specified.
351     MySQLPassword = root
352    
353     # The database name on the MySQL server that contains the repro tables
354     MySQLDatabaseName = repro
355    
356     # If port is not 0, the value is used as the port number for the TCP/IP connection. Note that
357     # the host parameter determines the type of the connection.
358     MySQLPort = 3306
359    
360 sgodin 9740 # The Users and MessageSilo database tables are different from the other repro configuration
361     # database tables, in that they are accessed at runtime as SIP requests arrive. It may be
362     # desirable to use BerkeleyDb for the other repro tables (which are read at starup time, then
363     # cached in memory), and MySQL for the runtime accessed tables; or two seperate MySQL instances
364     # for these different table sets. Use the following settings in order to specify a seperate
365     # MySQL instance for use by the Users and MessageSilo tables.
366     #
367     # WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
368     #
369     # Note: If this setting is left blank then repro will fallback all remaining my sql
370     # settings to use the global MySQLServer settings. If the MySQLServer setting is also
371     # blank, then repro will use BerkelyDB for all configuration tables. See the
372     # documentation on the global MySQLServer settings for more details on the following
373     # individual settings.
374     RuntimeMySQLServer =
375     RuntimeMySQLUser = root
376     RuntimeMySQLPassword = root
377     RuntimeMySQLDatabaseName = repro
378     RuntimeMySQLPort = 3306
379    
380     # If you would like to be able to authenticate users from a MySQL source other than the repro user
381 sgodin 9407 # database table itself, then specify the query here. The following conditions apply:
382 sgodin 9740 # 1. The database table must reside on the same MySQL server instance as the repro database
383     # or Runtime tables database.
384 sgodin 9407 # 2. The statement provided will be UNION'd with the hardcoded repro query, so that auth from
385     # both sources is possible. Note: If the same user exists in both tables, then the repro
386     # auth info will be used.
387     # 3. The provided SELECT statement must return the SIP A1 password hash of the user in question.
388     # 4. The provided SELECT statement must contain two tags embedded into the query: $user and $domain
389     # These tags should be used in the WHERE clause, and repro will replace these tags with the
390     # actual user and domain being queried.
391     # Example: SELECT sip_password_ha1 FROM directory.users WHERE sip_userid = '$user' AND
392     # sip_domain = '$domain' AND account_status = 'active'
393     MySQLCustomUserAuthQuery =
394    
395 sgodin 9770 # Session Accounting - When enabled resiprocate will push a JSON formatted
396     # events for sip session related messaging that the proxy receives,
397     # to a persistent message queue that uses berkeleydb backed storage.
398 sgodin 9796 # The following session events are logged:
399     # Session Created - INVITE passing authentication was received
400     # Session Routed - received INVITE was forward to a target
401     # Session Redirected - session was 3xx redirected or REFERed
402     # Session Established - there was 2xx answer to an INVITE (only generate for first 2xx)
403     # Session Cancelled - CANCEL was received
404     # Session Ended - BYE was received from either end
405     # Session Error - a 4xx, 5xx, or 6xx response was sent to the inviter
406 sgodin 9770 # Consuming Accounting Events:
407     # Users must ensure that this message queue is consumed, or it will grow without
408     # bound. A queuetostream consumer process is provided, that will consume the
409     # events from the message queue and stream them to stdout. This output stream can
410     # be consumed by linux scripting tools and converted to database records or some
411     # other relevant representation of the data.
412     # For example: ./queuetostream ./sessioneventqueue > streamconsumer
413     # In the future a MySQL consumer may also be provided in order to update
414     # session accounting records in a MySQL database table.
415     SessionAccountingEnabled = false
416    
417 sgodin 9796 # The following setting determines if repro will add routing header information
418     # (ie. Route, and Record-Route headers)to the Session Created, Session Routed
419 sgodin 9784 # and Session Established events.
420 sgodin 9785 SessionAccountingAddRoutingHeaders = false
421 sgodin 9784
422     # The following setting determines if we will add via header information to
423     # the Session Created event.
424 sgodin 9785 SessionAccountingAddViaHeaders = false
425 sgodin 9784
426 sgodin 9770 # Registration Accounting - When enabled resiprocate will push a JSON formatted
427     # events for every registration, re-registration, and unregistration message
428     # received to a persistent message queue that uses berkeleydb backed storage.
429     # The following registration events are logged:
430 sgodin 9796 # Registration Added - initial registration received
431     # Registration Refreshed - registration refresh received / re-register
432     # Registration Removed - registration removed by client / unregister
433     # Registration Removed All - all contacts registration remove / unregister
434 sgodin 9770 # Consuming Accounting Events:
435     # Users must ensure that this message queue is consumed, or it will grow without
436     # bound. A queuetostream consumer process is provided, that will consume the
437     # events from the message queue and stream them to stdout. This output stream can
438     # be consumed by linux scripting tools and converted to database records or some
439     # other relevant representation of the data.
440     # For example: ./queuetostream ./regeventqueue > streamconsumer
441     # In the future a MySQL consumer may also be provided in order to update
442     # login/registration accounting records in a MySQL database table.
443     RegistrationAccountingEnabled = false
444    
445 sgodin 9796 # The following setting determines if repro will add routing header information
446     # (ie. Route and Path headers)to registration accounting events.
447 sgodin 9785 RegistrationAccountingAddRoutingHeaders = false
448 sgodin 9784
449     # The following setting determines if we will add via header information to
450     # the registration accounting events.
451 sgodin 9785 RegistrationAccountingAddViaHeaders = false
452 sgodin 9784
453 sgodin 9791 # The following setting determines if we log the RegistrationRefreshed events
454     RegistrationAccountingLogRefreshes = false
455    
456 sgodin 9286 # Run a Certificate Server - Allows PUBLISH and SUBSCRIBE for certificates
457     EnableCertServer = false
458    
459 Dpocock 10792 # Value of server and user agent headers for local UAS and registration
460     # server responses
461     #
462     # Default value is "repro PACKAGE_VERSION" if PACKAGE_VERSION is defined
463     # during compilation and no header is generated at all otherwise
464     #
465     #ServerText =
466 sgodin 9286
467 sgodin 9367 # Enables Congestion Management
468     CongestionManagement = true
469 sgodin 9286
470 sgodin 9372 # Congestion Management Metric - can take one of the following values:
471     # SIZE : Based solely on the number of messages in each fifo
472     # TIME_DEPTH : Based on the age of the oldest (front-most) message
473     # in each fifo.
474     # WAIT_TIME : Based on the expected wait time for each fifo; this is
475     # calculated by multiplying the size by the average service time.
476     # This is the recommended metric.
477     CongestionManagementMetric = WAIT_TIME
478    
479     # Congestion Management Tolerance for the given metric. This determines when the RejectionBehavior
480     # changes.
481     # 0-80 percent of max tolerance -> NORMAL (Not rejecting any work.)
482     # 80-100 percent of max tolerance -> REJECTING_NEW_WORK (Refuses new work,
483     # not continuation of old work.)
484     # >100 percent of max tolerance -> REJECTING_NON_ESSENTIAL (Rejecting all work
485     # that is non-essential to the health of the system (ie, if dropping
486     # something is liable to cause a leak, instability, or state-bloat, don't drop it.
487     # Otherwise, reject it.)
488     # Units specified are dependent on Metric specified above:
489     # If Metric is SIZE then units are number of messages
490     # If Metric is TIME_DEPTH then units are the number seconds old the oldest message is
491     # If Metric is WAIT_TIME then units are the expected wait time of each fifo in milliseconds
492     CongestionManagementTolerance = 200
493    
494 sgodin 9633 # Specify the number of seconds between writes of the stack statistics block to the log files.
495     # Specifying 0 will disable the statistics collection entirely. If disabled the statistics
496     # also cannot be retreived using the reprocmd interface.
497     StatisticsLogInterval = 3600
498    
499 sgodin 9367 # Use MultipleThreads stack processing.
500     ThreadedStack = true
501 sgodin 9286
502 sgodin 9633 # The number of worker threads used to asynchronously retrieve user authentication information
503     # from the database store.
504     NumAuthGrabberWorkerThreads = 2
505    
506     # The number of worker threads in Async Processor tread pool. Used by all Async Processors
507     # (ie. RequestFilter)
508     NumAsyncProcessorWorkerThreads = 2
509    
510     # Specify domains for which this proxy is authorative (in addition to those specified on web
511     # interface) - comma separate list
512 dpocock 9809 # Notes: * Domains specified here cannot be used when creating users, domains used in user
513     # AORs must be specified on the web interface.
514     # * In previous versions of repro, localhost, 127.0.0.1, the machine's hostname,
515     # and all interface addresses would automatically be appended to this
516     # configuration parameter. From now on, such values must be listed
517     # here explicitly if required, e.g.
518     #
519     # Domains = localhost, 127.0.0.1, sip-server.example.org, 10.83.73.80
520     #
521     # although when using TLS only, it is not desirable or necessary to
522     # add such values.
523     #
524 sgodin 9286 Domains =
525    
526     # Uri to use as Record-Route
527     RecordRouteUri =
528    
529     # Force record-routing
530 sgodin 9633 # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
531     # the alternate transport specification mechanism and defining a RecordRouteUri per
532     # transport: TransportXRecordRouteUri
533 sgodin 9286 ForceRecordRouting = false
534    
535     # Assume path option
536     AssumePath = false
537    
538     # Disable registrar
539     DisableRegistrar = false
540    
541     # Specify a comma separate list of enum suffixes to search for enum dns resolution
542     EnumSuffixes =
543    
544 dpocock 9813 # Specify the target domain(s) for ENUM logic support. When a dialed SIP URI
545     # is addressed to +number@somedomain,
546     # where somedomain is an element of EnumDomains,
547     # the ENUM logic will be applied for the number
548     # If empty, ENUM is never used
549     EnumDomains =
550    
551 sgodin 9633 # Specify length of timer C in sec (0 or negative will disable timer C) - default 180
552 sgodin 9286 TimerC = 180
553    
554 sgodin 9633 # Override the default value of T1 in ms (you probably should not change this) - leave
555     # as 0 to use default of 500ms)
556 sgodin 9286 TimerT1 = 0
557    
558     # Disable outbound support (RFC5626)
559 sgodin 9633 # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
560     # the alternate transport specification mechanism and defining a RecordRouteUri per
561     # transport: TransportXRecordRouteUri
562 sgodin 9395 DisableOutbound = true
563 sgodin 9286
564     # Set the draft version of outbound to support (default: RFC5626)
565 sgodin 9633 # Other accepted values are the versions of the IETF drafts, before RFC5626 was issued
566     # (ie. 5, 8, etc.)
567 sgodin 9286 OutboundVersion = 5626
568    
569 sgodin 9688 # There are cases where the first hop in a particular network supports the concept of outbound
570     # and ensures all messaging for a client is delivered over the same connection used for
571     # registration. This could be a SBC or other NAT traversal aid router that uses the Path
572     # header. However such endpoints may not be 100% compliant with outbound RFC and may not
573     # include a ;ob parameter in the path header. This parameter is required in order for repro
574     # to have knowledge that the first hop does support outbound, and it will reject registrations
575     # that appear to be using outboud (ie. instanceId and regId) with a 439 (First Hop Lacks Outbound
576     # Support). In this case it can be desirable when using repro as the registrar to not reject
577     # REGISTRATION requests that contain an instanceId and regId with a 439.
578     # If this setting is enabled, then repro will assume the first hop supports outbound
579     # and not return this error.
580     AssumeFirstHopSupportsOutbound = false
581    
582 sgodin 9286 # Enable use of flow-tokens in non-outbound cases
583 sgodin 9633 # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
584     # the alternate transport specification mechanism and defining a RecordRouteUri per
585     # transport: TransportXRecordRouteUri
586 sgodin 9286 EnableFlowTokens = false
587    
588 sgodin 9633 # Enable use of flow-tokens in non-outbound cases for clients detected to be behind a NAT.
589     # This a more selective flow token hack mode for clients not supporting RFC5626. The
590     # original flow token hack (EnableFlowTokens) will use flow tokens on all client requests.
591     # Possible values are: DISABLED, ENABLED and PRIVATE_TO_PUBLIC.
592     # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
593     # the alternate transport specification mechanism and defining a RecordRouteUri per
594     # transport: TransportXRecordRouteUri
595 sgodin 9286 ClientNatDetectionMode = DISABLED
596    
597 sgodin 9633 # Set to greater than 0 to enable addition of Flow-Timer header to REGISTER responses if
598     # outbound is enabled (default: 0)
599 sgodin 9286 FlowTimer = 0
600    
601    
602     ########################################################
603 sgodin 9633 # CertificateAuthenticator Monkey Settings
604     ########################################################
605    
606     # Enables certificate authenticator - note you MUST use a TlsTransport
607     # with TlsClientVerification set to Optional or Mandatory.
608     # There are two levels of checking:
609     # a) cert must be signed by a CA trusted by the stack
610     # b) the CN or one of the subjectAltName values must match the From:
611     # header of each SIP message on the TlsConnection
612     # Examples:
613     # Cert 1:
614     # common name = daniel@pocock.com.au
615     # => From: <daniel@pocock.com.au> is the only value that will pass
616     # Cert 2:
617     # subjectAltName = pocock.com.au
618     # => From: <<anything>@pocock.com.au> will be accepted
619     # Typically, case 1 is for a real client connection (e.g. Jitsi), case 2
620     # (whole domain) is for federated SIP proxy-to-proxy communication (RFC 5922)
621     EnableCertificateAuthenticator = false
622    
623 dpocock 9828 # A static text file that contains mappings of X.509 Common Names to
624     # permitted SIP `From:' addresses
625     #
626     # Without this file, the default behavior of the CertificateAuthenticator
627     # ensures that the `From:' address in SIP messages must match the
628     # Common Name or one of the subjectAltNames from the X.509 certificate
629     #
630     # When this file is supplied, the CertificateAuthenticator will continue
631     # to allow SIP messages where there is an exact match between the
632     # certificate and the `From:' address, but it will also allow
633     # the holder of a particular certificate to use any of the `mapped'
634     # `From:' addresses specified in the mappings file
635     #
636 dpocock 10052 # Default: there is no default value: if this filename is not specified,
637     # repro will not look for it
638     #
639 dpocock 9828 # File format:
640     # common name<TAB><mapping>,<mapping>,...
641     #
642     # where:
643     # <TAB> is exactly one tab
644     # <mapping> is `user@domain' or just `domain'
645     #
646 dpocock 10052 #CommonNameMappings = /etc/repro/tlsUserMappings.txt
647 sgodin 9633
648 dpocock 9828
649 sgodin 9633 ########################################################
650 sgodin 9286 # DigestAuthenticator Monkey Settings
651     ########################################################
652    
653 sgodin 9633 # Disable DIGEST challenges - disables this monkey
654 sgodin 9286 DisableAuth = false
655    
656 Dpocock 10849 # Always use a specified realm name to challenge
657     # Default behavior (if StaticRealm not specified) is to challenge
658     # using the hostname from the request URI as the realm
659     StaticRealm =
660    
661 Dpocock 10812 # Enable RADIUS lookups (only works if DIGEST enabled)
662     # Default: false
663     #EnableRADIUS = true
664    
665     # Specify the configuration file the RADIUS client should use
666     # This is the file that specifies the name of the RADIUS server to
667     # use and other essential parameters.
668     # If different processes each have different RADIUS parameters,
669     # they can copy the radiusclient.conf file to a non-standard location
670     # and modify it as required.
671     #
672     # Note the following:
673     # - the seqfile specified in the RADIUS configuration file
674     # must be writeable by the user the repro process runs as.
675     # It is a good idea to locate that file in a directory such as /var/run/repro
676     # owned by repro
677     # - the dictionary must include various elements such as Sip-Session,
678     # copy these from the sample dictionary.sip file
679     # Default: /etc/radiusclient/radiusclient.conf
680     #RADIUSConfiguration =
681    
682 sgodin 9286 # Http hostname for this server (used in Identity headers)
683     HttpHostname =
684    
685     # Disable adding identity headers
686     DisableIdentity = false
687    
688 sgodin 9633 # Enable addition and processing of P-Asserted-Identity headers
689     EnablePAssertedIdentityProcessing = false
690    
691 sgodin 9286 # Disable auth-int DIGEST challenges
692 sgodin 11146 DisableAuthInt = true
693 sgodin 9286
694 sgodin 9633 # Send 403 if a client sends a bad nonce in their credentials (will send a new
695     # challenge otherwise)
696 sgodin 9286 RejectBadNonces = false
697    
698     # allow To tag in registrations
699     AllowBadReg = false
700    
701 dpocock 10561 ########################################################
702     # Cookie Authentication Settings
703     ########################################################
704 sgodin 9286
705 dpocock 10561 # Shared secret for cookie HMAC validation. If there is no WSCookieAuthSharedSecret
706     # there will be no cookie validation.
707 Dpocock 10780 #
708     # See
709     # http://www.resiprocate.org/SIP_Over_WebSocket_Cookies
710     # for details of the cookie authentication scheme
711     #
712 dpocock 10561 # WSCookieAuthSharedSecret =
713    
714 Dpocock 10780 # Names of the cookies to use for the cookie authentication protocol
715     # These are the default values:
716     #WSCookieNameInfo = WSSessionInfo
717     #WSCookieNameExtra = WSSessionExtra
718     #WSCookieNameMAC = WSSessionMAC
719    
720 Dpocock 10925 # Name of the extension header that must match the content of
721     # the authenticated WSSessionExtra cookie
722     #WSCookieExtraHeaderName = X-WS-Session-Extra
723    
724 sgodin 9286 ########################################################
725 sgodin 9633 # RequestFilter Monkey Settings
726     ########################################################
727    
728     # Disable RequestFilter monkey processing
729     DisableRequestFilterProcessor = false
730    
731     # Default behavior for when no matching filter is found. Leave empty to allow
732     # request processing to continue. Otherwise set to a SIP status error code
733     # (400-699) that should be used to reject the request (ie. 500, Server Internal
734     # Error).
735     # The status code can optionally be followed by a , and SIP reason text.
736     RequestFilterDefaultNoMatchBehavior =
737    
738     # Default behavior for SQL Query db errors. Leave empty to allow request processing
739     # to continue. Otherwise set to a SIP status error code (400-699) that should be
740     # used to reject the request (ie. 500 - Server Internal Error).
741     # The status code can optionally be followed by a , and SIP reason text.
742     # Note: DB support for this action requires MySQL support.
743     RequestFilterDefaultDBErrorBehavior = 500, Server Internal DB Error
744    
745     # The hostname running MySQL server to connect to for any blocked entries
746     # that are configured to used a SQL statement.
747     # WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
748     #
749     # Note: If this setting is left blank then repro will fallback all remaining my sql
750 sgodin 9740 # settings to use the global RuntimeMySQLServer or MySQLServer settings. See the
751     # documentation on the global MySQLServer settings for more details on the following
752     # individual settings.
753 sgodin 9633 RequestFilterMySQLServer =
754     RequestFilterMySQLUser = root
755     RequestFilterMySQLPassword = root
756     RequestFilterMySQLDatabaseName =
757     RequestFilterMySQLPort = 3306
758    
759    
760     ########################################################
761 sgodin 9286 # StaticRoute Monkey Settings
762     ########################################################
763    
764 sgodin 9633 # Specify where to route requests that are in this proxy's domain - disables the
765     # routes in the web interface and uses a SimpleStaticRoute monkey instead.
766     # A comma seperated list of routes can be specified here and each route will
767     # be added to the outbound Requests with the RequestUri left in tact.
768 sgodin 9286 Routes =
769    
770 sgodin 9633 # Parallel fork to all matching static routes
771 sgodin 9286 ParallelForkStaticRoutes = false
772    
773 sgodin 9633 # By default (false) we will stop looking for more Targets if we have found
774     # matching routes. Setting this value to true will allow the LocationServer Monkey
775     # to run after StaticRoutes have been found. In this case the matching
776     # StaticRoutes become fallback targets, processed only after all location server
777     # targets fail.
778     ContinueProcessingAfterRoutesFound = false
779 sgodin 9286
780 Dpocock 10814 # Challenge calls from third-party domains to local domains
781     # If certificate authentication is enabled and a
782     # request arrives over TLS, they will still not be
783     # challenged anyway if their domain certificate
784     # validates their message.
785     # Default: true if DIGEST challenge is enabled
786     ChallengeThirdPartiesCallingLocalDomains = true
787 sgodin 9633
788 Dpocock 10814
789 sgodin 9286 ########################################################
790 sgodin 9633 # Message Silo Monkey Settings
791     ########################################################
792    
793     # Specify where the Message Silo is enabled or not. If enabled,
794     # then repro will store MESSAGE requests for users that are not online.
795     # When the user is back online (ie. registers with repro), the stored
796     # messages will be delivered.
797     MessageSiloEnabled = false
798    
799     # A regular expression that can be used to filter which URI's not to
800     # do message storage (siloing) for. Destination/To URI's matching
801     # this regular expression will not be silo'd.
802     MessageSiloDestFilterRegex =
803    
804     # A regular expression that can be used to filter which body/content/mime
805     # types not to do message storage (siloing) for. Content-Type's matching
806     # this regular expression will not be silo'd.
807     MessageSiloMimeTypeFilterRegex = application\/im\-iscomposing\+xml
808    
809     # The number of seconds a message request will be stored in the message silo.
810     # Messages older than this time, are candidates for deletion.
811     # Default (259200 seconds = 30 days)
812     MessageSiloExpirationTime = 2592000
813    
814     # Flag to indicate if a Date header should be added to replayed SIP
815     # MESSAGEs from the silo, when a user registers.
816     MessageSiloAddDateHeader = true
817    
818     # Defines the maximum message content length (bytes) that will be stored in
819     # the message silo. Messages with a Content-Length larger than this
820     # value will be discarded.
821     # WARNING: Do not increasing this value beyond the capabilities of the
822     # database storage or internal buffers.
823     # Note: AbstractDb uses a read buffer size of 8192 - do not exceed this size.
824     MessageSiloMaxContentLength = 4096
825    
826     # The status code returned to the sender when a messages is successfully
827     # silo'd.
828     MessageSiloSuccessStatusCode = 202
829    
830     # The status code returned to the sender when a messages mime-type matches
831     # the MessageSiloMimeTypeFilterRegex. Can be used to avoid sending errors
832     # to isComposing mime bodies that don't need to be silod. Set to 0 to use
833     # repro standard response (ie. 480).
834     MessageSiloFilteredMimeTypeStatusCode = 200
835    
836     # The status code returned to the sender when a messages is not silo'd due
837     # to the MaxContentLength being exceeded.
838     MessageSiloFailureStatusCode = 480
839    
840    
841     ########################################################
842 sgodin 9286 # Recursive Redirect Lemur Settings
843     ########################################################
844    
845 sgodin 9633 # Handle 3xx responses in the proxy - enables the Recursive Redirect Lemur
846 sgodin 9286 RecursiveRedirect = false
847    
848    
849     ########################################################
850 sgodin 9633 # Geo Proximity Target Sorter Baboon Settings
851     ########################################################
852    
853     # If enabled, then this baboon can post-process the target list.
854     # This includes targets from the StaticRoute monkey and/or targets
855     # from the LocationServer monkey. Requests that meet the filter
856     # criteria will have their Target list, flatened (serialized) and
857     # ordered based on the proximity of the target to the client sending
858     # the request. Proximity is determined by looking for a
859     # x-repro-geolocation="<latitude>,<longitude>" parameter on the Contact
860     # header of a received request, or the Contact headers of Registration
861     # requests. If this parameter is not found, then this processor will
862     # attempt to determine the public IP address closest to the client or
863     # target and use the MaxMind Geo IP library to lookup the geo location.
864     GeoProximityTargetSorting = false
865    
866     # Specify the full path to the IPv4 Geo City database file
867     # Note: A free version of the database can be downloaded from here:
868     # http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
869     # For a more accurate database, please see the details here:
870     # http://www.maxmind.com/app/city
871     GeoProximityIPv4CityDatabaseFile = GeoLiteCity.dat
872    
873     # Specify the full path to the IPv6 Geo City database file
874     # Note: A free version of the database can be downloaded from here:
875     # http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/
876     # For a more accurate database, please see the details here:
877     # http://www.maxmind.com/app/city
878     # Leave blank to disable V6 lookups. Saves memory (if not required).
879     #GeoProximityIPv6CityDatabaseFile = GeoLiteCityv6.dat
880     GeoProximityIPv6CityDatabaseFile =
881    
882     # This setting specifies a PCRE compliant regular expression to attempt
883     # to match against the request URI of inbound requests. Any requests
884 sgodin 9796 # matching this expression, will have their targets sorted as described
885 sgodin 9633 # above. Leave blank to match all requests.
886     GeoProximityRequestUriFilter = ^sip:mediaserver.*@mydomain.com$
887    
888     # The distance (in Kilometers) to use for proximity sorting, when the
889     # Geo Location of a target cannot be determined.
890     GeoProximityDefaultDistance = 0
891    
892     # If enabled, then targets that are determined to be of equal distance
893     # from the client, will be placed in a random order.
894     LoadBalanceEqualDistantTargets = true
895    
896    
897     ########################################################
898 sgodin 9286 # Q-Value Target Handler Baboon Settings
899     ########################################################
900    
901 sgodin 9633 # Enable sequential q-value processing - enables the Baboon
902     QValue = true
903    
904     # Specify forking behavior for q-value targets: FULL_SEQUENTIAL, EQUAL_Q_PARALLEL,
905     # or FULL_PARALLEL
906 sgodin 9286 QValueBehavior = EQUAL_Q_PARALLEL
907    
908 sgodin 9633 # Whether to cancel groups of parallel forks after the period specified by the
909     # QValueMsBeforeCancel parameter.
910 sgodin 9286 QValueCancelBetweenForkGroups = true
911    
912 sgodin 9633 # msec to wait before cancelling parallel fork groups when QValueCancelBetweenForkGroups
913     # is true
914     QValueMsBeforeCancel = 30000
915    
916 sgodin 9286 # Whether to wait for parallel fork groups to terminate before starting new fork-groups.
917     QValueWaitForTerminateBetweenForkGroups = true
918    
919 sgodin 9633 # msec to wait before starting new groups of parallel forks when
920     # QValueWaitForTerminateBetweenForkGroups is false
921 sgodin 9286 QValueMsBetweenForkGroups = 3000
922    
923    

Properties

Name Value
svn:eol-style native
svn:mime-type text/plain

webmaster AT resiprocate DOT org
ViewVC Help
Powered by ViewVC 1.1.27