opensips/opensips.cfg

Mon, 17 Sep 2012 19:10:10 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 17 Sep 2012 19:10:10 +0200
changeset 689
9fe04d4d4e5a
parent 382
b972dc20871f
permissions
-rw-r--r--

Update to new version of vendor software although Oracle fails to deliver.
More specifically, newer db(3) patch revisions exist but Oracle has
removed them from the canonical download server URI for Berkeley DB.

     1 ##
     2 ##  opensips.cfg -- OpenSIPS server configuration
     3 ##
     6 # General configuration help available at:
     7 # http://siprouter.teigre.com/doc/gettingstarted/
     9 # Specific routing help available at:
    10 # http://www.opensips.org/index.php?n=Resources.DocsCoreRoutes
    12 # Information on debug and log levels
    13 # http://www.voice-system.ro/docs/ser-syslog/
    15 # The configuration blocks are:
    16 #   Global Configuration Parameters
    17 #   Extension Module Loading
    18 #   Extension Module Configuration
    19 #   Main Request Routing Logic
    20 #   Secondary Request Routing Logic
    21 #   Branch Request Routing Logic
    22 #   Reply Request Routing Logic
    23 #   Failure Request Routing Logic
    24 #   Local Request Routing Logic
    25 #   Error Request Routing Logic
    26 #
    27 # Logging:
    28 #   L_ALERT (-3) - used if the error requires immediate action.
    29 #   L_CRIT (-2)  - used if the error is a critical situation.
    30 #   L_ERR (-1)   - used if the error doesn't cause system malfunctioning.
    31 #   L_WARN (1)   - used to write warning messages.
    32 #   L_NOTICE (2) - used to report unusual situations.
    33 #   L_INFO (3)   - used to write informational messages.
    34 #   L_DBG (4)    - used to write messages for debugging.
    37 #
    38 #   Global Configuration Parameters
    39 #
    40 #   process configuration
       # NOTE(review): 4 is L_DBG in the logging legend of this file, the most
       # verbose level listed there. Together with the xlog() calls in the routes
       # this puts per-request SIP details into the log; confirm that is wanted
       # outside of troubleshooting.
    41 debug=4
    42 log_stderror=no
    43 fork=yes
    44 children=2
    45 tcp_children=2
       # The @l_...@ tokens look like install-time placeholders (assumption: the
       # substitution step is not visible in this file). user/group name the
       # account the server runs as, wdir its working directory.
    46 user="@l_rusr@"
    47 group="@l_rgrp@"
    48 wdir="@l_prefix@/var/opensips"
    50 #   network configuration
       # NOTE(review): the only active listener is UDP on port 5060. The TLS
       # listener and the :5061 aliases are commented out, so this configuration
       # does not encrypt signalling in transit.
    51 listen=udp:voip.realhost.tld:5060
    52 #listen = tls:voip.realhost.tld:5061
    54 #   network aliases
    55 alias=voip.firsthost.tld:5060
    56 #alias=voip.firsthost.tld:5061
    57 alias=voip.secondhost.tld:5060
    58 #alias=voip.secondhost.tld:5061
    60 #   enable TLS
    61 #https://confluence.terena.org/display/IPTelCB/3.5.2.+TLS+for+OpenSER+(UA-Proxy)
    62 #http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html
    63 #
    64 #Run 'openserctl tls rootCA' to create @l_prefix@/etc/openser/tls/rootCA/cacert.pem.
    65 #Run 'openserctl tls userCERT' to create user-calist.pem, user-cert.pem, user-cert_req.pem, and user-privkey.pem in @l_prefix@/etc/openser/tls/user/.
    66 #Copy @l_prefix@/etc/openser/tls/rootCA/cacert.pem to the client host.
    67 #On Windows XP client hosts, run 'certmgr.msc' to import the certificate into the root certificate store.
    68 #
       # NOTE(review): everything below is disabled. Before enabling it, revisit
       # tls_method (TLSv1 selects TLS 1.0, which is deprecated), the cipher
       # string (MEDIUM admits weaker suites than HIGH), and make sure the private
       # key file is readable only by the account the server runs as.
       # The how-to lines above use 'openser' paths while the parameters below use
       # 'opensips' paths; confirm which directory actually holds the files.
    69 #disable_tls       = 0
    70 #tls_method        = TLSv1
    71 #tls_verify_server = 1
    72 #tls_verify_client = 1
    73 #tls_require_client_certificate = 1
    74 #tls_ciphers_list  = "HIGH:MEDIUM:!ADH"  # openssl ciphers -v HIGH:MEDIUM
    75 #tls_certificate = "@l_prefix@/etc/opensips/tls/user/user-cert.pem"
    76 #tls_private_key = "@l_prefix@/etc/opensips/tls/user/user-privkey.pem"
    77 #tls_ca_list = "@l_prefix@/etc/opensips/tls/user/user-calist.pem"
    80 #
    81 #   Extension Module Loading
    82 #   http://www.opensips.org/index.php?n=Resources.DocsModules
    83 #
    84 # set module path
    85 mpath="@l_prefix@/lib/opensips/modules/"
       # Modules are loaded in the order listed; the trailing comments describe
       # each one. The commented entries at the end are optional features that
       # this configuration leaves disabled.
    87 loadmodule "sl.so"          # Stateless replier
    88 loadmodule "tm.so"          # Transaction stateful
    89 loadmodule "signaling.so"   # Signaling wrapper of sl/tm
    90 loadmodule "rr.so"          # Record Route and Route
    91 loadmodule "maxfwd.so"      # Maximum Forward processor
    92 loadmodule "db_text.so"     # Text backend for database API
    93 loadmodule "usrloc.so"      # User location implementation
    94 loadmodule "registrar.so"   # SIP Registrar implementation
    95 loadmodule "uri.so"         # Generic URI operation
       # NOTE(review): auth and auth_db are loaded, but every *_authorize() and
       # *_challenge() call in the main route of this file is commented out, so
       # the script as shown never authenticates a request.
    96 loadmodule "auth.so"        # Authentication Interface
    97 loadmodule "textops.so"     # Text based manipulations
    98 loadmodule "acc.so"         # Accounting
    99 loadmodule "auth_db.so"     # Database backend authentication
       # Management interface over a FIFO; its path is set in the mi_fifo
       # module parameters of this file.
   100 loadmodule "mi_fifo.so"     # FIFO support for Management Interface
   101 #loadmodule "flatstore.so"   # Fast writing only text database
   102 #loadmodule "alias_db.so"    # Database aliases
   103 #loadmodule "domain.so"      # Multidomain support
   104 #loadmodule "nathelper.so"   # NAT traversal helper
   105 #loadmodule "enum.so"        # ENUM lookup
   108 #
   109 #   Extension Module Configuration
   110 #
   111 # ----- dbtext params -----
   112 modparam("db_text", "db_mode", 0)  # caching for persistence
   114 # ----- multimodule params -----
       # usrloc, uri and auth_db share one text database directory.
       # NOTE(review): presumably this directory also holds the subscriber
       # credentials that auth_db would read; confirm its permissions limit
       # access to the account the server runs as.
   115 modparam("usrloc|uri|auth_db", "db_url", "text://@l_prefix@/var/opensips/db")
   117 # ----- rr params -----
   118 modparam("rr", "append_fromtag", 1)  # important when using detect_direction
   120 # ----- usrloc params -----
   121 /* see 'multimodule params' as well */
   122 modparam("usrloc", "db_mode", 2)  # Write back database persistence scheme
   124 # ----- registrar params -----
   125 modparam("registrar", "max_contacts", 10)  # contacts per AOR allowed
   127 # ----- acc params -----
   128 /* see 'multimodule params' as well */
       # NOTE(review): this URL uses the scheme "dbtext://" while the shared
       # db_url above uses "text://" for the same directory; confirm which one
       # the loaded db_text module accepts, otherwise accounting to the database
       # may not work.
   129 modparam("acc", "db_url", "dbtext://@l_prefix@/var/opensips/db")
   130 #modparam("acc", "db_url", "flatstore:@l_prefix@/var/opensips/acc")
   131 modparam("acc", "early_media", 1)
   132 modparam("acc", "report_cancels", 1)
   133 modparam("acc", "detect_direction", 1)
   134 modparam("acc", "log_level", 2)
       # The flag numbers below are the ones set with setflag() in the routes:
       # 1 = account the transaction, 2 = also record missed calls,
       # 4 = account even when the transaction fails.
   135 modparam("acc", "log_flag", 1)
   136 modparam("acc", "log_missed_flag", 2)
   137 modparam("acc", "db_flag", 1)
   138 modparam("acc", "db_missed_flag", 2)
   139 modparam("acc", "failed_transaction_flag", 4)
   141 # ----- mi_fifo params -----
       # NOTE(review): whoever can write to this FIFO can send management
       # commands to the server. Check the permissions of the FIFO and of
       # reply_dir; the module's fifo_mode, fifo_user and fifo_group parameters
       # are not set here.
   142 modparam("mi_fifo", "fifo_name", "@l_prefix@/var/opensips/opensips.fifo")
   143 modparam("mi_fifo", "reply_dir", "@l_prefix@/var/opensips/tmp/")
   146 #
   147 #   Main Request Routing Logic
   148 #
   149 route {
           # Main entry point for incoming requests: logs the request, applies
           # sanity checks, handles in-dialog requests and CANCEL, relays requests
           # addressed to other domains, and serves REGISTER and location lookups
           # for the local domain.
           # NOTE(review): both authentication blocks in this route are commented
           # out, so none of the steps below checks who the sender is.
   150     # message diagnostics
   151     #log(3, "new branch at $ru\n");
           # Each request writes five L_INFO lines with its method and URIs.
   152     xlog("L_INFO", "$rm: Orig - $ou\n");
   153     xlog("L_INFO", "$rm: Req  - $ru\n");
   154     xlog("L_INFO", "$rm: To   - $tu\n");
   155     xlog("L_INFO", "$rm: Dest - $du\n");
   156     xlog("L_INFO", "$rm: From - $fu\n");
   158     # sanity checks
   159     if (!mf_process_maxfwd_header("10")) {  # avoid loops in forward logic
   160         sl_send_reply("483","Too Many Hops");
   161         exit;
   162     }
           # max_len is not assigned anywhere in this file; presumably a core
           # value. Confirm the effective size limit.
   163     if (msg:len > max_len) {  # repel DoS attacks
   164         sl_send_reply("513", "Message Too Large");
   165         exit;
   166     };
   168     # sequential request within a dialog should
   169     # take the path determined by record routing
   170     if (has_totag()) {
   171         if (loose_route()) {
   172             if (is_method("BYE")) {
   173                 setflag(1); # do accounting...
   174                 setflag(4); # ...even if the transaction fails
   175             }
   176             # mark routing logic in request
   177             append_hf("P-hint: rr-enforced\r\n");
   178             route(1);
   179         } else {
                   # A request with a To-tag that cannot be loose-routed is
                   # rejected instead of being processed as an initial request.
   180             sl_send_reply("404", "Not Found");
   181         }
   182         exit;
   183     }
   185     #
   186     # initial requests
   187     #
   188     if (is_method("CANCEL")) {  # CANCEL processing
               # Relay only when a matching transaction exists; otherwise the
               # CANCEL is dropped without a reply.
   189         if (t_check_trans())
   190             t_relay();
   191         exit;
   192     }
           # Return value is ignored here; presumably called for its effect on
           # retransmissions of known transactions (confirm against the tm docs).
   194     t_check_trans();
           # NOTE(review): with the block below disabled, a request whose From
           # claims a local URI is not challenged and check_from() is not applied,
           # so the From identity is not verified.
   196     # authenticate if from local subscriber (uncomment to enable auth)
   197     #if (!is_method("REGISTER") && from_uri == myself) {
   198     #    if (!proxy_authorize("", "subscriber")) {
   199     #        proxy_challenge("", "0");
   200     #        exit;
   201     #    }
   202     #    if (!check_from()) {
   203     #        sl_send_reply("403","Forbidden");
   204     #        exit;
   205     #    }
   206     #
   207     #    consume_credentials();
   208     #    # caller authenticated
   209     #}
   211     #   record route all messages to ensure that subsequent messages
   212     #   will go through our proxy, particularly good if upstream
   213     #   and downstream entities use different transport protocol
   214     if (!is_method("REGISTER|MESSAGE")) {
   215         record_route();
   216     }
   218     # account only INVITEs
   219     if (is_method("INVITE")) {
   220         setflag(1);
   221     }
           # NOTE(review): requests whose R-URI is not local are handed to
           # route(1) and relayed. With the authentication block above disabled
           # this applies to any sender that can reach the listener, i.e. the
           # proxy behaves as an open relay unless access is restricted elsewhere
           # (verify). Enable authentication or limit the sources allowed to
           # reach this branch.
   223     if (!uri == myself) {
   224     /* replace with following line if multidomain support is used */
   225     #if (!is_uri_host_local()) {
   226         append_hf("P-hint: outbound\r\n");
   227         # if you have some interdomain connections via TLS
   228         #if ($rd == "tls_domain1.net") {
   229         #    t_relay("tls:domain1.net");
   230         #    exit;
   231         #} else if ($rd == "tls_domain2.net") {
   232         #    t_relay("tls:domain2.net");
   233         #    exit;
   234         #}
   235         route(1);
   236     }
   238     #
   239     # requests for my domain
   240     #
   241     if (is_method("PUBLISH")) {
   242         sl_send_reply("503", "Service Unavailable");
   243         exit;
   244     }
   246     if (is_method("REGISTER")) {
               # NOTE(review): with www_authorize() and check_to() disabled,
               # save("location") stores the contact of any REGISTER without
               # verifying the sender, so a binding for a subscriber's address
               # can be added by a third party. Enable both checks before the
               # listener is reachable from untrusted networks.
   247         # authenticate the REGISTER requests (uncomment to enable auth)
   248         #if (!www_authorize("", "subscriber")) {
   249         #    www_challenge("", "0");
   250         #    exit;
   251         #}
   252         #
   253         #if (!check_to()) {
   254         #    sl_send_reply("403","Forbidden");
   255         #    exit;
   256         #}
   258         if (!save("location"))
   259             sl_reply_error();
   261         exit;
   262     }
   264     if ($rU == NULL) {
   265         # request with no Username in RURI
   266         sl_send_reply("484","Address Incomplete");
   267         exit;
   268     }
           # Resolve the R-URI against the registered contacts; only return code 1
           # continues to the relay step, every other listed code ends with a reply.
   270     lookup("location");
   271     switch ($retcode) {
   272         case 1:
   273             append_hf("P-hint: usrloc applied\r\n");
   274             break;
   275         case -1:
   276             t_newtran();
   277             t_reply("404", "Not Found");
   278             exit;
   279         case -2:
   280             sl_send_reply("405", "Method Not Allowed");
   281             exit;
   282         case -3:
   283             t_newtran();
   284             t_reply("500", "Server Internal Error");
   285             exit;
   286     }
   288     setflag(2);  # when routing via usrloc then
   289     route(1);    # log the missed calls as well
   290 }
   293 #
   294 #   Secondary Request Routing Logic
   295 #
   296 route[1] {
           # Shared relay step used by the main route: arms the branch, reply and
           # failure routes numbered 1 for INVITEs, then forwards the request
           # statefully with t_relay(). No access check is made here; callers are
           # expected to have filtered the request already.
   297     # for INVITEs enable some additional helper routes
   298     if (is_method("INVITE")) {
   299         t_on_branch("1");
   300         t_on_reply("1");
   301         t_on_failure("1");
   302     }
   304     # send with stateful forwarding which works reliably even for UDP2TCP
   305     if (!t_relay())
   306         sl_reply_error();
   308     exit;  # safeguard
   309 }
   312 #
   313 #   Branch Request Routing Logic
   314 #
   315 branch_route[1] {
           # Armed by t_on_branch("1") in route[1]; only logs the request URI of
           # the branch at L_INFO and does no other processing.
   316     xlog("L_INFO", "new branch at $ru\n");
   317 }
   320 #
   321 #   Reply Request Routing Logic
   322 #
   323 onreply_route[1] {
           # Armed by t_on_reply("1") in route[1]; logs each reply at L_INFO.
           # The commented lines are a disabled tweak keyed on the User-Agent
           # value ($ua) that would log a message and append a ptime attribute to
           # SDP bodies.
   324     xlog("L_INFO", "incoming reply at $ru\n");
   325 #    if ($ua =~ fritz.box)
   326 #        xlog("L_ERR", "$rm: The Fritzbox replied!\n");
   327 #    if ($ua =~ fritz.box && has_body("application/sdp"))
   328 #        search_append_body("a=sendrecv.*", "\na=ptime:30");
   329 }
   332 #
   333 #   Failure Request Routing Logic
   334 #
   335 failure_route[1] {
           # Armed by t_on_failure("1") in route[1]; logs the failure and stops
           # when the transaction was cancelled. Both optional behaviours below
           # are disabled.
   336     xlog("L_INFO", "failed route at $ru\n");
   337     if (t_was_cancelled())
   338         exit;
           # NOTE(review): with this block disabled, 3xx replies are not turned
           # into 404 here, so a redirect target chosen by the far end is
           # presumably passed back to the caller (confirm). Decide whether
           # redirects from untrusted destinations should be allowed.
   340     # uncomment the following lines to block
   341     # client redirect based on 3xx replies
   342     #if (t_check_status("3[0-9][0-9]")) {
   343     #t_reply("404","Not Found");
   344     #    exit;
   345     #}
   347     # uncomment the following lines to redirect
   348     # failed calls to a different new destination
           # The destination in the disabled example is a hard-coded private
           # address and would need replacing before use.
   349     #if (t_check_status("486|408")) {
   350     #    sethostport("192.168.2.100:5060");
   351     #    append_branch();
   352     #    # do not set the missed call flag again
   353     #    t_relay();
   354     #}
   355 }
   358 #
   359 #   Local Request Routing Logic
   360 #
   361 local_route {
           # Handles requests covered by the "Local Request Routing Logic" section
           # header, i.e. presumably those generated by the server itself.
           # The pattern is an unanchored regular expression in which '.' matches
           # any character, so it also matches longer host names that merely
           # contain the text, e.g. "@foreignXtld.example" (constructed sample).
   362     if (is_method("INVITE") && $ru=~"@foreign.tld") {
   363         append_hf("P-hint: foreign request\r\n");
   364         exit;
   365     }
   366     if (is_method("BYE"))
   367         xlog("L_INFO", "internally generated BYE\n");
   368 }
   371 #
   372 #   Error Request Routing Logic
   373 #
   374 error_route {
           # Logs the error details, the sender's address and port, and the full
           # message at L_ERR, then replies with the code and reason taken from
           # the $err variables.
           # NOTE(review): $mb is the whole received message, so the log receives
           # untrusted, multi-line content from any sender (and would include
           # credential headers once authentication is enabled). Restrict access
           # to the log and consider dropping the $mb line outside of debugging.
   375     xlog("L_ERR", "error route class=$(err.class) level=$(err.level) info=$(err.info) rcode=$(err.rcode) rreason=$(err.rreason)\n");
   376     xlog("L_ERR", "error from [$si:$sp]\n");
   377     xlog("L_ERR", "++++\n$mb\n++++\n");
   378     sl_send_reply("$err.rcode", "$err.rreason");
   379     exit;
   380 }
