
Contents of /main/repro/repro.config



Revision 11220 - (show annotations) (download)
Sat Aug 30 14:15:39 2014 UTC (5 years, 2 months ago) by dpocock
File MIME type: text/plain
File size: 39697 byte(s)
repro: Logging: configuring Syslog facility
1 ########################################################
2 # repro configuration file
3 ########################################################
4
5
6 ########################################################
7 # Log settings
8 ########################################################
9
10 # Logging Type: syslog|cerr|cout|file
11 # Note: Logging to cout can negatively affect performance.
12 # When repro is placed into production 'file' or
13 # 'syslog' should be used.
14 LoggingType = cout
15
16 # For syslog, also specify the facility, default is LOG_DAEMON
17 SyslogFacility = LOG_DAEMON
18
19 # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
20 LogLevel = INFO
21
22 # Log Filename
23 LogFilename = repro.log
24
25 # Log file Max Bytes
26 LogFileMaxBytes = 5242880
27
28 # Instance name to be shown in logs, very useful when multiple instances
29 # logging to syslog concurrently
30 # If unspecified, defaults to argv[0] (name of the executable)
31 #LoggingInstanceName = repro-dev
32
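33 # Enable INFO level SIP Message Logging - outputs all SIP messages
34 # sent and/or received to log file in an easy to read format. The logged messages may include authentication headers and message bodies, so protect the log destination accordingly when this is enabled.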
35 EnableSipMessageLogging = false
36
37 ########################################################
38 # Transport settings
39 ########################################################
40
41 # Set an upper limit on the maximum size of a SIP message payload
42 # that the stack will accept. If a payload received over a
43 # connection-oriented transport exceeds this size, the
44 # connection will be dropped.
45 # This applies to TCP, TLS and WebSocket transports.
46 # UDP payload sizes are limited by the maximum datagram size
47 # and any fragmentation constraints.
48 #StreamMessageSizeLimit = 65536
49
50 # Local IP Address to bind SIP transports to. If left blank
51 # repro will bind to all adapters.
52 #IPAddress = 192.168.1.106
53 #IPAddress = 2001:5c0:1000:a::6d
54 IPAddress =
55
56 # Local port to listen on for SIP messages over UDP - 0 to disable
57 UDPPort = 5060
58
59 # Local port to listen on for SIP messages over TCP - 0 to disable
60 TCPPort = 5060
61
62 # Local port to listen on for SIP messages over TLS - 0 to disable
63 TLSPort = 0
64
65 # Local port to listen on for SIP messages over WS (WebSocket) - 0 to disable
66 WSPort = 0
67
68 # Local port to listen on for SIP messages over WSS (WebSocket TLS) - 0 to disable
69 WSSPort = 0
70
71 # Local port to listen on for SIP messages over DTLS - 0 to disable
72 DTLSPort = 0
73
74 # TLS domain name for this server (note: domain cert for this domain must be present)
75 TLSDomainName =
76
77 # PEM-encoded X.509 certificate for TLS
78 # Must contain any intermediate certificates from the CA
79 # The TLSCertificate and TLSPrivateKey parameters are optional. The stack
80 # will also try to automatically detect any suitable certificates
81 # in the directory specified by CertificatePath
82 TLSCertificate =
83
84 # PEM-encoded private key for TLS
85 TLSPrivateKey =
86
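87 # Private key pass phrase if private keys are encrypted with a password. The pass phrase is stored here in clear text, so keep this file readable only by the account repro runs as.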
88 TLSPrivateKeyPassPhrase =
89
90 # Whether or not we ask for (Optional) or expect (Mandatory) TLS
91 # clients to present a client certificate
92 # Possible values:
93 # None: client can connect without any cert, if a cert is sent, it is not checked
94 # Optional: client can connect without any cert, if a cert is sent, it must be acceptable to us
95 # Mandatory: client can not connect without any cert, cert must be acceptable to us
96 # How we decide if a cert is acceptable: it must meet two criteria:
97 # 1. it must be signed by a CA that we trust (see CADirectory)
98 # 2. the domain or full sip: URI in the cert must match the From: URI of all
99 # SIP messages coming from the peer
100 TLSClientVerification = None
101
102 # Whether we accept the subjectAltName email address as if it was a SIP
103 # address (when checking the validity of a client certificate)
104 # Very few commercial CAs offer support for SIP addresses in subjectAltName
105 # For many purposes, an email address subjectAltName may be considered
106 # equivalent within a specific domain.
107 # Currently, this accepts such certs globally (for any incoming connection),
108 # not just for connections from the local users.
109 TLSUseEmailAsSIP = false
110
111 # Alternate and more flexible method to specify transports to bind to. If specified here
112 # then IPAddress, and port settings above are ignored.
113 # Transports MUST be numbered in sequential order, starting from 1. Possible settings are:
114 # Transport<Num>Interface = <IPAddress>:<Port> - Note: For IPv6 addresses last colon separates
115 # IP Address and Port - square bracket notation
116 # is not used.
117 # Transport<Num>Type = <'TCP'|'UDP'|'TLS'|'DTLS'|'WS'|'WSS'> - default is UDP if missing
118 # Transport<Num>TlsDomain = <TLSDomain> - only required if transport is TLS, DTLS or WSS
119 # Transport<Num>TlsCertificate = <TLSCertificate> - only for TLS, DTLS or WSS
120 # Transport<Num>TlsPrivateKey = <TLSPrivateKey> - only for TLS, DTLS or WSS
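121 # Transport<Num>TlsPrivatePassPhrase = <TLSPrivateKeyPassPhrase> - only for TLS, DTLS or WSS
122 # when private key has a pass phrase. NOTE: the example below spells this key Transport3TlsPrivateKeyPassPhrase; confirm which spelling repro reads.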
123 # Transport<Num>TlsClientVerification = <'None'|'Optional'|'Mandatory'> - default is None
124 # Transport<Num>RecordRouteUri = <'auto'|URI> - if set to auto then record route URI
125 # is automatically generated from the other
126 # transport settings. Otherwise explicitly
127 # enter the full URI you want repro to use.
128 # Do not specify 'auto' if you specified
129 # the IPAddress as INADDR_ANY (0.0.0.0).
130 # If nothing is specified then repro will
131 # use the global RecordRouteUri setting.
132 #
133 # Transport<Num>RcvBufLen = <SocketReceiveBufferSize> - currently only applies to UDP transports,
134 # leave empty to use OS default
135 # Example:
136 # Transport1Interface = 192.168.1.106:5060
137 # Transport1Type = TCP
138 # Transport1RecordRouteUri = auto
139 #
140 # Transport2Interface = 192.168.1.106:5060
141 # Transport2Type = UDP
142 # Transport2RecordRouteUri = auto
143 # Transport2RcvBufLen = 10000
144 #
145 # Transport3Interface = 192.168.1.106:5061
146 # Transport3Type = TLS
147 # Transport3TlsDomain = sipdomain.com
148 # Transport3TlsCertificate = /etc/ssl/crt/sipdomain.com.crt
149 # Transport3TlsPrivateKey = /etc/ssl/private/sipdomain.com.key
150 # Transport3TlsPrivateKeyPassPhrase = password
151 # Transport3TlsClientVerification = Mandatory
152 # Transport3RecordRouteUri = sip:h1.sipdomain.com;transport=TLS
153 #
154 # Transport4Interface = 2666:f0d0:1008:88::4:5060
155 # Transport4Type = UDP
156 # Transport4RecordRouteUri = auto
157
158 # Transport5Interface = 192.168.1.106:5062
159 # Transport5Type = WS
160 # Transport5RecordRouteUri = auto
161
162 # Transport6Interface = 192.168.1.106:5063
163 # Transport6Type = WSS
164 # Transport6TlsDomain = sipdomain.com
165 # Transport6TlsClientVerification = None
166 # Transport6RecordRouteUri = sip:h1.sipdomain.com;transport=WS
167
168 # Comma separated list of DNS servers, overrides default OS detected list (leave blank
169 # for default)
170 DNSServers =
171
172 # Enable IPv6
173 EnableIPv6 = true
174
175 # Disable IPv4 (false leaves IPv4 enabled)
176 DisableIPv4 = false
177
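178 # Comma separated list of IP addresses used for binding the HTTP configuration interface
179 # and/or certificate server. If left blank it will bind to all adapters, which exposes the configuration interface on every network the host is attached to; list a loopback or management address to limit that.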
180 HttpBindAddress =
181
182 # Port on which to run the HTTP configuration interface and/or certificate server
183 # 0 to disable (default: 5080)
184 HttpPort = 5080
185
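186 # Disable HTTP digest challenges for the web based configuration GUI. When true, the GUI presumably accepts any client that can reach HttpPort, so leave this false unless access is restricted some other way.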
187 DisableHttpAuth = false
188
189 # Realm to use for HTTP admin interface digest authentication
190 HttpAdminRealm = repro
191
192 # File containing user/password details
193 #
194 # The format is:
195 #
196 # username:realm:HA1
197 #
198 # where
199 #
200 # user = admin
201 # realm = the value from HttpAdminRealm
202 # HA1 = `echo -n user:realm:password | md5sum`
203 #
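204 # You can use the htdigest utility from Apache to create and
205 # manage this file. The HA1 value is password-equivalent for digest authentication, so restrict read access to this file.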
206 #
207 HttpAdminUserFile = users.txt
208
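209 # Comma separated list of IP addresses used for binding the Command Server listeners.
210 # If left blank it will bind to all adapters. No authentication setting for these listeners is shown in this part of the file, so consider listing a loopback or management address here.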
211 CommandBindAddress =
212
213 # Port on which to listen for and send XML RPC messaging used in command processing
214 # 0 to disable (default: 5081)
215 CommandPort = 5081
216
217 # Port on which to listen for and send XML RPC messaging used in registration sync
218 # process - 0 to disable (default: 0)
219 RegSyncPort = 0
220
221 # Hostname/ip address of another instance of repro to synchronize registrations with
222 # (note xmlrpcport must also be specified)
223 RegSyncPeer =
224
225 # Non-outbound connections over this age (expressed in seconds) are
226 # considered eligible for garbage collection.
227 # If not set but FlowTimer is set, then this value defaults to 7200 seconds
228 # Otherwise, there is no garbage collection at all unless an error occurs
229 # when making an outgoing connection.
230 #TCPConnectionGCAge =
231
232 # File descriptor headroom threshold for emergency garbage collection
233 # If the difference between the number of permitted FDs
234 # (reported by periodic calls to getrlimit()) and the number
235 # of active stream connections falls below this threshold,
236 # the garbage collector will overlook TCPConnectionGCAge and
237 # FlowTimer settings and more aggressively close connections
238 # By default, this feature is not enabled
239 # Remember that the value must be high enough to allow file descriptors
240 # for each shared library that is open, each database connection,
241 # each listening socket and any sockets/files accessed by plugins
242 #TCPMinimumGCHeadroom =
243
244 ########################################################
245 # Misc settings
246 ########################################################
247
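248 # Directory where plugins are located. Plugins are loaded into the repro process, so this directory should be writable only by trusted administrators.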
249 # The default is determined at build time depending upon the
250 # target environment and the installation prefix passed to
251 # the configure script
252 #PluginDirectory = /usr/lib/repro/plugins
253
254 # List of plugins to load (comma-separated list)
255 # These are the names of the plugins and not the full filenames
256 # Order is important: the plugins will always be loaded and
257 # initialized in the order specified here
258 # Plugins are not supported on all platforms and plugin support is an
259 # optional feature that must be enabled at compile time.
260 #
261 # For example, to load the plugin named "example", which is in libexample.so:
262 #LoadPlugins = example
263
264 # Drop privileges and run as some other user and group
265 # If RunAsUser is specified and RunAsGroup is not specified,
266 # then setgid will be invoked using the default group for
267 # the specified user
268 # If neither option is specified, then no attempt will be made
269 # to call setuid/setgid (there is no default value), so a repro process started as root keeps root privileges
270 #RunAsUser = repro
271 #RunAsGroup = repro
272
273 # Must be true or false, default = false, not supported on Windows
274 Daemonize = false
275
276 # On UNIX it is normal to create a PID file
277 # if unspecified, no attempt will be made to create a PID file
278 #PidFile = /var/run/repro/repro.pid
279
280 # Path to load certificates from (optional, there is no default)
281 # Note that repro loads ALL root certificates found by any of the settings
282 #
283 # CertificatePath
284 # CADirectory
285 # CAFile
286 #
287 # Setting one option does not disable the other options.
288 #
289 # Certificates in this location have to match one of the filename
290 # patterns expected by the legacy reSIProcate SSL code:
291 #
292 # domain_cert_NAME.pem, root_cert_NAME.pem, ...
293 #
294 # For domain certificates, it is recommended to use the options
295 # for individual transports, such as TransportXTlsCertificate and
296 # TransportXTlsPrivateKey and not set CertificatePath at all.
297 #
298 CertificatePath =
299
300 # Path to load root certificates from
301 # Iff this directory is specified, all files in the directory
302 # will be loaded as root certificates, prefixes and suffixes are
303 # not considered
304 # Note that repro loads ALL root certificates found by the settings
305 # CertificatePath, CADirectory and CAFile. Setting one option does
306 # not disable the other options.
307 # On Debian, the typical location is /etc/ssl/certs
308 #CADirectory = /etc/ssl/certs
309
310 # Specify a single file containing one or more root certificates
311 # and possible chain/intermediate certificates to be loaded
312 # Iff this filename is specified, the certificates in the file will
313 # be loaded as root certificates
314 #
315 # This does NOT currently support bundles of unrelated root certificates
316 # stored in the same PEM file, it ONLY supports related/chained root
317 # certificates. If multiple roots must be supported, use the CADirectory
318 # option.
319 #
320 # In the future, this behavior may change to load a bundle,
321 # such as /etc/ssl/certs/ca-certificates.txt on Debian and
322 # /etc/pki/tls/cert.pem on Red Hat/CentOS
323 #
324 # Note that repro loads ALL root certificates found by the settings
325 # CertificatePath, CADirectory and CAFile. Setting one option does
326 # not disable the other options.
327 #
328 # This example loads just the CACert.org chain, which typically
329 # includes the class 1 root and the class 3 root (signed by the class 1 root)
330 #CAFile = /etc/ssl/certs/cacert.org.pem
331
332 # The Path to read and write Berkeley DB database files
333 DatabasePath = ./
334
335 # The hostname running MySQL server to connect to, leave blank to use BerkeleyDB.
336 # The value of host may be either a host name or an IP address. If host is "localhost",
337 # a connection to the local host is assumed. For Windows, the client connects using a
338 # shared-memory connection, if the server has shared-memory connections enabled. Otherwise,
339 # TCP/IP is used. For Unix, the client connects using a Unix socket file. For a host value of
340 # "." on Windows, the client connects using a named pipe, if the server has named-pipe
341 # connections enabled. If named-pipe connections are not enabled, an error occurs.
342 # WARNING: repro must be compiled with the USE_MYSQL flag in order for this to work.
343 MySQLServer =
344
345 # The MySQL login ID to use when connecting to the MySQL Server. If user is empty string "",
346 # the current user is assumed. Under Unix, this is the current login name. Under Windows,
347 # the current user name must be specified explicitly.
348 MySQLUser = root
349
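350 # The password for the MySQL login ID specified. It is stored here in clear text, and the root/root values in this sample are placeholders: use a dedicated account with only the privileges repro needs, and keep this file readable only by the account repro runs as.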
351 MySQLPassword = root
352
353 # The database name on the MySQL server that contains the repro tables
354 MySQLDatabaseName = repro
355
356 # If port is not 0, the value is used as the port number for the TCP/IP connection. Note that
357 # the host parameter determines the type of the connection.
358 MySQLPort = 3306
359
360 # The Users and MessageSilo database tables are different from the other repro configuration
361 # database tables, in that they are accessed at runtime as SIP requests arrive. It may be
362 # desirable to use BerkeleyDb for the other repro tables (which are read at startup time, then
363 # cached in memory), and MySQL for the runtime accessed tables; or two separate MySQL instances
364 # for these different table sets. Use the following settings in order to specify a separate
365 # MySQL instance for use by the Users and MessageSilo tables.
366 #
367 # WARNING: repro must be compiled with the USE_MYSQL flag in order for this to work.
368 #
369 # Note: If this setting is left blank then repro will fall back to the global MySQLServer
370 # settings for all remaining MySQL settings. If the MySQLServer setting is also
371 # blank, then repro will use BerkeleyDB for all configuration tables. See the
372 # documentation on the global MySQLServer settings for more details on the following
373 # individual settings.
374 RuntimeMySQLServer =
375 RuntimeMySQLUser = root
376 RuntimeMySQLPassword = root
377 RuntimeMySQLDatabaseName = repro
378 RuntimeMySQLPort = 3306
379
380 # If you would like to be able to authenticate users from a MySQL source other than the repro user
381 # database table itself, then specify the query here. The following conditions apply:
382 # 1. The database table must reside on the same MySQL server instance as the repro database
383 # or Runtime tables database.
384 # 2. The statement provided will be UNION'd with the hardcoded repro query, so that auth from
385 # both sources is possible. Note: If the same user exists in both tables, then the repro
386 # auth info will be used.
387 # 3. The provided SELECT statement must return the SIP A1 password hash of the user in question.
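388 # 4. The provided SELECT statement must contain two tags embedded into the query: $user and $domain
389 # These tags should be used in the WHERE clause, and repro will replace these tags with the
390 # actual user and domain being queried. Both values originate from the incoming SIP request, so keep the tags quoted as in the example and confirm that repro escapes them before substitution.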
391 # Example: SELECT sip_password_ha1 FROM directory.users WHERE sip_userid = '$user' AND
392 # sip_domain = '$domain' AND account_status = 'active'
393 MySQLCustomUserAuthQuery =
394
395 # Session Accounting - When enabled resiprocate will push JSON formatted
396 # events for sip session related messaging that the proxy receives,
397 # to a persistent message queue that uses berkeleydb backed storage.
398 # The following session events are logged:
399 # Session Created - INVITE passing authentication was received
400 # Session Routed - received INVITE was forwarded to a target
401 # Session Redirected - session was 3xx redirected or REFERed
402 # Session Established - there was 2xx answer to an INVITE (only generated for first 2xx)
403 # Session Cancelled - CANCEL was received
404 # Session Ended - BYE was received from either end
405 # Session Error - a 4xx, 5xx, or 6xx response was sent to the inviter
406 # Consuming Accounting Events:
407 # Users must ensure that this message queue is consumed, or it will grow without
408 # bound. A queuetostream consumer process is provided, that will consume the
409 # events from the message queue and stream them to stdout. This output stream can
410 # be consumed by linux scripting tools and converted to database records or some
411 # other relevant representation of the data.
412 # For example: ./queuetostream ./sessioneventqueue > streamconsumer
413 # In the future a MySQL consumer may also be provided in order to update
414 # session accounting records in a MySQL database table.
415 SessionAccountingEnabled = false
416
417 # The following setting determines if repro will add routing header information
418 # (ie. Route, and Record-Route headers) to the Session Created, Session Routed
419 # and Session Established events.
420 SessionAccountingAddRoutingHeaders = false
421
422 # The following setting determines if we will add via header information to
423 # the Session Created event.
424 SessionAccountingAddViaHeaders = false
425
426 # Registration Accounting - When enabled resiprocate will push JSON formatted
427 # events for every registration, re-registration, and unregistration message
428 # received to a persistent message queue that uses berkeleydb backed storage.
429 # The following registration events are logged:
430 # Registration Added - initial registration received
431 # Registration Refreshed - registration refresh received / re-register
432 # Registration Removed - registration removed by client / unregister
433 # Registration Removed All - all contact registrations removed / unregister
434 # Consuming Accounting Events:
435 # Users must ensure that this message queue is consumed, or it will grow without
436 # bound. A queuetostream consumer process is provided, that will consume the
437 # events from the message queue and stream them to stdout. This output stream can
438 # be consumed by linux scripting tools and converted to database records or some
439 # other relevant representation of the data.
440 # For example: ./queuetostream ./regeventqueue > streamconsumer
441 # In the future a MySQL consumer may also be provided in order to update
442 # login/registration accounting records in a MySQL database table.
443 RegistrationAccountingEnabled = false
444
445 # The following setting determines if repro will add routing header information
446 # (ie. Route and Path headers) to registration accounting events.
447 RegistrationAccountingAddRoutingHeaders = false
448
449 # The following setting determines if we will add via header information to
450 # the registration accounting events.
451 RegistrationAccountingAddViaHeaders = false
452
453 # The following setting determines if we log the RegistrationRefreshed events
454 RegistrationAccountingLogRefreshes = false
455
456 # Run a Certificate Server - Allows PUBLISH and SUBSCRIBE for certificates
457 EnableCertServer = false
458
459 # Value of server and user agent headers for local UAS and registration
460 # server responses
461 #
462 # Default value is "repro PACKAGE_VERSION" if PACKAGE_VERSION is defined
463 # during compilation and no header is generated at all otherwise
464 #
465 #ServerText =
466
467 # Enables Congestion Management
468 CongestionManagement = true
469
470 # Congestion Management Metric - can take one of the following values:
471 # SIZE : Based solely on the number of messages in each fifo
472 # TIME_DEPTH : Based on the age of the oldest (front-most) message
473 # in each fifo.
474 # WAIT_TIME : Based on the expected wait time for each fifo; this is
475 # calculated by multiplying the size by the average service time.
476 # This is the recommended metric.
477 CongestionManagementMetric = WAIT_TIME
478
479 # Congestion Management Tolerance for the given metric. This determines when the RejectionBehavior
480 # changes.
481 # 0-80 percent of max tolerance -> NORMAL (Not rejecting any work.)
482 # 80-100 percent of max tolerance -> REJECTING_NEW_WORK (Refuses new work,
483 # not continuation of old work.)
484 # >100 percent of max tolerance -> REJECTING_NON_ESSENTIAL (Rejecting all work
485 # that is non-essential to the health of the system (ie, if dropping
486 # something is liable to cause a leak, instability, or state-bloat, don't drop it.
487 # Otherwise, reject it.)
488 # Units specified are dependent on Metric specified above:
489 # If Metric is SIZE then units are number of messages
490 # If Metric is TIME_DEPTH then units are the number seconds old the oldest message is
491 # If Metric is WAIT_TIME then units are the expected wait time of each fifo in milliseconds
492 CongestionManagementTolerance = 200
493
494 # Specify the number of seconds between writes of the stack statistics block to the log files.
495 # Specifying 0 will disable the statistics collection entirely. If disabled the statistics
496 # also cannot be retrieved using the reprocmd interface.
497 StatisticsLogInterval = 3600
498
499 # Use MultipleThreads stack processing.
500 ThreadedStack = true
501
502 # The number of worker threads used to asynchronously retrieve user authentication information
503 # from the database store.
504 NumAuthGrabberWorkerThreads = 2
505
506 # The number of worker threads in Async Processor thread pool. Used by all Async Processors
507 # (ie. RequestFilter)
508 NumAsyncProcessorWorkerThreads = 2
509
510 # Specify domains for which this proxy is authoritative (in addition to those specified on web
511 # interface) - comma separated list
512 # Notes: * Domains specified here cannot be used when creating users, domains used in user
513 # AORs must be specified on the web interface.
514 # * In previous versions of repro, localhost, 127.0.0.1, the machine's hostname,
515 # and all interface addresses would automatically be appended to this
516 # configuration parameter. From now on, such values must be listed
517 # here explicitly if required, e.g.
518 #
519 # Domains = localhost, 127.0.0.1, sip-server.example.org, 10.83.73.80
520 #
521 # although when using TLS only, it is not desirable or necessary to
522 # add such values.
523 #
524 Domains =
525
526 # Uri to use as Record-Route
527 RecordRouteUri =
528
529 # Force record-routing
530 # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
531 # the alternate transport specification mechanism and defining a RecordRouteUri per
532 # transport: TransportXRecordRouteUri
533 ForceRecordRouting = false
534
535 # Assume path option
536 AssumePath = false
537
538 # Disable registrar
539 DisableRegistrar = false
540
541 # Specify a comma separated list of enum suffixes to search for enum dns resolution
542 EnumSuffixes =
543
544 # Specify the target domain(s) for ENUM logic support. When a dialed SIP URI
545 # is addressed to +number@somedomain,
546 # where somedomain is an element of EnumDomains,
547 # the ENUM logic will be applied for the number
548 # If empty, ENUM is never used
549 EnumDomains =
550
551 # Specify length of timer C in sec (0 or negative will disable timer C) - default 180
552 TimerC = 180
553
554 # Override the default value of T1 in ms (you probably should not change this - leave
555 # as 0 to use default of 500ms)
556 TimerT1 = 0
557
558 # Disable outbound support (RFC5626)
559 # WARNING: Before enabling outbound (setting this to false), ensure you have a RecordRouteUri setup, or are using
560 # the alternate transport specification mechanism and defining a RecordRouteUri per
561 # transport: TransportXRecordRouteUri
562 DisableOutbound = true
563
564 # Set the draft version of outbound to support (default: RFC5626)
565 # Other accepted values are the versions of the IETF drafts, before RFC5626 was issued
566 # (ie. 5, 8, etc.)
567 OutboundVersion = 5626
568
569 # There are cases where the first hop in a particular network supports the concept of outbound
570 # and ensures all messaging for a client is delivered over the same connection used for
571 # registration. This could be a SBC or other NAT traversal aid router that uses the Path
572 # header. However such endpoints may not be 100% compliant with outbound RFC and may not
573 # include a ;ob parameter in the path header. This parameter is required in order for repro
574 # to have knowledge that the first hop does support outbound, and it will reject registrations
575 # that appear to be using outbound (ie. instanceId and regId) with a 439 (First Hop Lacks Outbound
576 # Support). In this case it can be desirable when using repro as the registrar to not reject
577 # REGISTRATION requests that contain an instanceId and regId with a 439.
578 # If this setting is enabled, then repro will assume the first hop supports outbound
579 # and not return this error.
580 AssumeFirstHopSupportsOutbound = false
581
582 # Enable use of flow-tokens in non-outbound cases
583 # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
584 # the alternate transport specification mechanism and defining a RecordRouteUri per
585 # transport: TransportXRecordRouteUri
586 EnableFlowTokens = false
587
588 # Enable use of flow-tokens in non-outbound cases for clients detected to be behind a NAT.
589 # This is a more selective flow token hack mode for clients not supporting RFC5626. The
590 # original flow token hack (EnableFlowTokens) will use flow tokens on all client requests.
591 # Possible values are: DISABLED, ENABLED and PRIVATE_TO_PUBLIC.
592 # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
593 # the alternate transport specification mechanism and defining a RecordRouteUri per
594 # transport: TransportXRecordRouteUri
595 ClientNatDetectionMode = DISABLED
596
597 # Set to greater than 0 to enable addition of Flow-Timer header to REGISTER responses if
598 # outbound is enabled (default: 0)
599 FlowTimer = 0
600
601
602 ########################################################
603 # CertificateAuthenticator Monkey Settings
604 ########################################################
605
606 # Enables certificate authenticator - note you MUST use a TlsTransport
607 # with TlsClientVerification set to Optional or Mandatory.
608 # There are two levels of checking:
609 # a) cert must be signed by a CA trusted by the stack
610 # b) the CN or one of the subjectAltName values must match the From:
611 # header of each SIP message on the TlsConnection
612 # Examples:
613 # Cert 1:
614 # common name = daniel@pocock.com.au
615 # => From: <daniel@pocock.com.au> is the only value that will pass
616 # Cert 2:
617 # subjectAltName = pocock.com.au
618 # => From: <<anything>@pocock.com.au> will be accepted
619 # Typically, case 1 is for a real client connection (e.g. Jitsi), case 2
620 # (whole domain) is for federated SIP proxy-to-proxy communication (RFC 5922)
621 EnableCertificateAuthenticator = false
622
623 # A static text file that contains mappings of X.509 Common Names to
624 # permitted SIP `From:' addresses
625 #
626 # Without this file, the default behavior of the CertificateAuthenticator
627 # ensures that the `From:' address in SIP messages must match the
628 # Common Name or one of the subjectAltNames from the X.509 certificate
629 #
630 # When this file is supplied, the CertificateAuthenticator will continue
631 # to allow SIP messages where there is an exact match between the
632 # certificate and the `From:' address, but it will also allow
633 # the holder of a particular certificate to use any of the `mapped'
634 # `From:' addresses specified in the mappings file
635 #
636 # Default: there is no default value: if this filename is not specified,
637 # repro will not look for it
638 #
639 # File format:
640 # common name<TAB><mapping>,<mapping>,...
641 #
642 # where:
643 # <TAB> is exactly one tab
644 # <mapping> is `user@domain' or just `domain'
645 #
646 #CommonNameMappings = /etc/repro/tlsUserMappings.txt
647
648
649 ########################################################
650 # DigestAuthenticator Monkey Settings
651 ########################################################
652
653 # Disable DIGEST challenges - disables this monkey
654 DisableAuth = false
655
656 # Always use a specified realm name to challenge
657 # Default behavior (if StaticRealm not specified) is to challenge
658 # using the hostname from the request URI as the realm
659 StaticRealm =
660
661 # Enable RADIUS lookups (only works if DIGEST enabled)
662 # Default: false
663 #EnableRADIUS = true
664
665 # Specify the configuration file the RADIUS client should use
666 # This is the file that specifies the name of the RADIUS server to
667 # use and other essential parameters.
668 # If different processes each have different RADIUS parameters,
669 # they can copy the radiusclient.conf file to a non-standard location
670 # and modify it as required.
671 #
672 # Note the following:
673 # - the seqfile specified in the RADIUS configuration file
674 # must be writeable by the user the repro process runs as.
675 # It is a good idea to locate that file in a directory such as /var/run/repro
676 # owned by repro
677 # - the dictionary must include various elements such as Sip-Session,
678 # copy these from the sample dictionary.sip file
679 # Default: /etc/radiusclient/radiusclient.conf
680 #RADIUSConfiguration =
681
682 # Http hostname for this server (used in Identity headers)
683 HttpHostname =
684
685 # Disable adding identity headers
686 DisableIdentity = false
687
688 # Enable addition and processing of P-Asserted-Identity headers
689 EnablePAssertedIdentityProcessing = false
690
691 # Disable auth-int DIGEST challenges
692 DisableAuthInt = true
693
694 # Send 403 if a client sends a bad nonce in their credentials (will send a new
695 # challenge otherwise)
696 RejectBadNonces = false
697
698 # allow To tag in registrations
699 AllowBadReg = false
700
701 ########################################################
702 # Cookie Authentication Settings
703 ########################################################
704
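705 # Shared secret for cookie HMAC validation. If WSCookieAuthSharedSecret is not
706 # set, no cookie validation is performed.
707 # The secret is the HMAC key: use a long random value and keep this file
708 # readable only by the user repro runs as. See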
709 # http://www.resiprocate.org/SIP_Over_WebSocket_Cookies
710 # for details of the cookie authentication scheme
711 #
712 # WSCookieAuthSharedSecret =
713
714 # Names of the cookies to use for the cookie authentication protocol
715 # These are the default values:
716 #WSCookieNameInfo = WSSessionInfo
717 #WSCookieNameExtra = WSSessionExtra
718 #WSCookieNameMAC = WSSessionMAC
719
720 # Name of the extension header that must match the content of
721 # the authenticated WSSessionExtra cookie
722 #WSCookieExtraHeaderName = X-WS-Session-Extra
723
724 ########################################################
725 # RequestFilter Monkey Settings
726 ########################################################
727
728 # Disable RequestFilter monkey processing
729 DisableRequestFilterProcessor = false
730
731 # Default behavior for when no matching filter is found. Leave empty to allow
732 # request processing to continue. Otherwise set to a SIP status error code
733 # (400-699) that should be used to reject the request (e.g. 500, Server Internal
734 # Error).
735 # The status code can optionally be followed by a comma and SIP reason text.
736 RequestFilterDefaultNoMatchBehavior =
737
738 # Default behavior for SQL Query db errors. Leave empty to allow request processing
739 # to continue, i.e. fail open: a request is not rejected when the query fails.
740 # Otherwise set to a SIP status error code (400-699) that should be used to reject
741 # the request (e.g. 500 - Server Internal Error), optionally followed by a comma
742 # and SIP reason text. Note: DB support for this action requires MySQL support.
743 RequestFilterDefaultDBErrorBehavior = 500, Server Internal DB Error
744
745 # The hostname running MySQL server to connect to for any blocked entries
746 # that are configured to use a SQL statement.
747 # WARNING: repro must be compiled with the USE_MYSQL flag in order for this to work.
748 # WARNING: root/root below is a sample credential. Use a dedicated, least-privilege
749 # MySQL account, and restrict read access to this file (the password is clear text).
750 # Note: If this setting is left blank then repro will fall back to the global
751 # RuntimeMySQLServer or MySQLServer settings for all remaining MySQL settings. See the
752 # global MySQLServer documentation for more details on the following settings.
753 RequestFilterMySQLServer =
754 RequestFilterMySQLUser = root
755 RequestFilterMySQLPassword = root
756 RequestFilterMySQLDatabaseName =
757 RequestFilterMySQLPort = 3306
758
759
760 ########################################################
761 # StaticRoute Monkey Settings
762 ########################################################
763
764 # Specify where to route requests that are in this proxy's domain - disables the
765 # routes in the web interface and uses a SimpleStaticRoute monkey instead.
766 # A comma separated list of routes can be specified here and each route will
767 # be added to the outbound Requests with the RequestUri left intact.
768 Routes =
769
770 # Parallel fork to all matching static routes
771 ParallelForkStaticRoutes = false
772
773 # By default (false) we will stop looking for more Targets if we have found
774 # matching routes. Setting this value to true will allow the LocationServer Monkey
775 # to run after StaticRoutes have been found. In this case the matching
776 # StaticRoutes become fallback targets, processed only after all location server
777 # targets fail.
778 ContinueProcessingAfterRoutesFound = false
779
780 # Challenge calls from third-party domains to local domains.
781 # If certificate authentication is enabled and a
782 # request arrives over TLS, the request is not
783 # challenged when the sender's domain certificate
784 # validates the message.
785 # Default: true if DIGEST challenge is enabled
786 ChallengeThirdPartiesCallingLocalDomains = true
787
788
789 ########################################################
790 # Message Silo Monkey Settings
791 ########################################################
792
793 # Specify whether the Message Silo is enabled or not. If enabled,
794 # then repro will store MESSAGE requests for users that are not online.
795 # When the user is back online (ie. registers with repro), the stored
796 # messages will be delivered.
797 MessageSiloEnabled = false
798
799 # A regular expression that can be used to filter which URI's not to
800 # do message storage (siloing) for. Destination/To URI's matching
801 # this regular expression will not be silo'd.
802 MessageSiloDestFilterRegex =
803
804 # A regular expression that can be used to filter which body/content/mime
805 # types not to do message storage (siloing) for. Content-Type's matching
806 # this regular expression will not be silo'd.
807 MessageSiloMimeTypeFilterRegex = application\/im\-iscomposing\+xml
808
809 # The number of seconds a message request will be stored in the message silo.
810 # Messages older than this time are candidates for deletion.
811 # Default (2592000 seconds = 30 days)
812 MessageSiloExpirationTime = 2592000
813
814 # Flag to indicate if a Date header should be added to replayed SIP
815 # MESSAGEs from the silo, when a user registers.
816 MessageSiloAddDateHeader = true
817
818 # Defines the maximum message content length (bytes) that will be stored in
819 # the message silo. Messages with a Content-Length larger than this
820 # value will be discarded.
821 # WARNING: Do not increase this value beyond the capabilities of the
822 # database storage or internal buffers.
823 # Note: AbstractDb uses a read buffer size of 8192 - do not exceed this size.
824 MessageSiloMaxContentLength = 4096
825
826 # The status code returned to the sender when a message is successfully
827 # silo'd.
828 MessageSiloSuccessStatusCode = 202
829
830 # The status code returned to the sender when a message's mime-type matches
831 # the MessageSiloMimeTypeFilterRegex. Can be used to avoid sending errors
832 # to isComposing mime bodies that don't need to be silo'd. Set to 0 to use
833 # repro standard response (i.e. 480).
834 MessageSiloFilteredMimeTypeStatusCode = 200
835
836 # The status code returned to the sender when a message is not silo'd due
837 # to the MaxContentLength being exceeded.
838 MessageSiloFailureStatusCode = 480
839
840
841 ########################################################
842 # Recursive Redirect Lemur Settings
843 ########################################################
844
845 # Handle 3xx responses in the proxy - enables the Recursive Redirect Lemur
846 RecursiveRedirect = false
847
848
849 ########################################################
850 # Geo Proximity Target Sorter Baboon Settings
851 ########################################################
852
853 # If enabled, then this baboon can post-process the target list.
854 # This includes targets from the StaticRoute monkey and/or targets
855 # from the LocationServer monkey. Requests that meet the filter
856 # criteria will have their Target list flattened (serialized) and
857 # ordered based on the proximity of the target to the client sending
858 # the request. Proximity is determined by looking for a
859 # x-repro-geolocation="<latitude>,<longitude>" parameter on the Contact
860 # header of a received request, or the Contact headers of Registration
861 # requests. If this parameter is not found, then this processor will
862 # attempt to determine the public IP address closest to the client or
863 # target and use the MaxMind Geo IP library to lookup the geo location.
864 GeoProximityTargetSorting = false
865
866 # Specify the full path to the IPv4 Geo City database file
867 # Note: A free version of the database can be downloaded from here:
868 # http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
869 # For a more accurate database, please see the details here:
870 # http://www.maxmind.com/app/city
871 GeoProximityIPv4CityDatabaseFile = GeoLiteCity.dat
872
873 # Specify the full path to the IPv6 Geo City database file
874 # Note: A free version of the database can be downloaded from here:
875 # http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/
876 # For a more accurate database, please see the details here:
877 # http://www.maxmind.com/app/city
878 # Leave blank to disable V6 lookups. Saves memory (if not required).
879 #GeoProximityIPv6CityDatabaseFile = GeoLiteCityv6.dat
880 GeoProximityIPv6CityDatabaseFile =
881
882 # This setting specifies a PCRE compliant regular expression to attempt to match
883 # against the request URI of inbound requests. Any requests matching this expression
884 # will have their targets sorted as described above. Leave blank to match all requests.
885 # Note: an unescaped '.' matches any character; write \. for a literal dot.
886 GeoProximityRequestUriFilter = ^sip:mediaserver.*@mydomain.com$
887
888 # The distance (in Kilometers) to use for proximity sorting, when the
889 # Geo Location of a target cannot be determined.
890 GeoProximityDefaultDistance = 0
891
892 # If enabled, then targets that are determined to be of equal distance
893 # from the client, will be placed in a random order.
894 LoadBalanceEqualDistantTargets = true
895
896
897 ########################################################
898 # Q-Value Target Handler Baboon Settings
899 ########################################################
900
901 # Enable sequential q-value processing - enables the Baboon
902 QValue = true
903
904 # Specify forking behavior for q-value targets: FULL_SEQUENTIAL, EQUAL_Q_PARALLEL,
905 # or FULL_PARALLEL
906 QValueBehavior = EQUAL_Q_PARALLEL
907
908 # Whether to cancel groups of parallel forks after the period specified by the
909 # QValueMsBeforeCancel parameter.
910 QValueCancelBetweenForkGroups = true
911
912 # msec to wait before cancelling parallel fork groups when QValueCancelBetweenForkGroups
913 # is true
914 QValueMsBeforeCancel = 30000
915
916 # Whether to wait for parallel fork groups to terminate before starting new fork-groups.
917 QValueWaitForTerminateBetweenForkGroups = true
918
919 # msec to wait before starting new groups of parallel forks when
920 # QValueWaitForTerminateBetweenForkGroups is false
921 QValueMsBetweenForkGroups = 3000
922
923
