opensips/opensips.cfg

Thu, 01 Dec 2011 13:33:32 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 01 Dec 2011 13:33:32 +0100
changeset 397
c98ae03f4266
parent 382
b972dc20871f
permissions
-rw-r--r--

Update and correct to vendor version, removing deprecated module logic.

     1 ##
     2 ##  opensips.cfg -- OpenSIPS server configuration
     3 ##
     6 # General configuration help available at:
     7 # http://siprouter.teigre.com/doc/gettingstarted/
     9 # Specific routing help available at:
    10 # http://www.opensips.org/index.php?n=Resources.DocsCoreRoutes
    12 # Information on debug and log levels
    13 # http://www.voice-system.ro/docs/ser-syslog/
    15 # The configuration blocks are:
    16 #   Global Configuration Parameters
    17 #   Extension Module Loading
    18 #   Extension Module Configuration
    19 #   Main Request Routing Logic
    20 #   Secondary Request Routing Logic
    21 #   Branch Request Routing Logic
    22 #   Reply Request Routing Logic
    23 #   Failure Request Routing Logic
    24 #   Local Request Routing Logic
    25 #   Error Request Routing Logic
    26 #
    27 # Logging:
    28 #   L_ALERT (-3) - used if the error requires immediate action.
    29 #   L_CRIT (-2)  - used if the error is a critical situation.
    30 #   L_ERR (-1)   - used if the error doesn't cause system malfunctioning.
    31 #   L_WARN (1)   - used to write warning messages.
    32 #   L_NOTICE (2) - used to report unusual situations.
    33 #   L_INFO (3)   - used to write informational messages.
    34 #   L_DBG (4)    - used to write messages for debugging.
    37 #
    38 #   Global Configuration Parameters
    39 #
    40 #   process configuration
       # debug=4 is L_DBG in the level table above, the most verbose setting.
       # NOTE(review): at this level the xlog() calls in the routes below are
       # all emitted, so request URIs and (in error_route) whole messages end
       # up in the log; lower it outside of troubleshooting.
    41 debug=4
    42 log_stderror=no
    43 fork=yes
    44 children=2
    45 tcp_children=2
       # The @...@ tokens look like build-time placeholders - presumably
       # substituted with the runtime user, group and prefix at install time.
    46 user="@l_rusr@"
    47 group="@l_rgrp@"
    48 wdir="@l_prefix@/var/opensips"
    50 #   network configuration
       # Only the UDP listener is active; the TLS listener and the :5061
       # aliases are commented out, so as configured here SIP signalling
       # is carried unencrypted.
    51 listen=udp:voip.realhost.tld:5060
    52 #listen = tls:voip.realhost.tld:5061
    54 #   network aliases
    55 alias=voip.firsthost.tld:5060
    56 #alias=voip.firsthost.tld:5061
    57 alias=voip.secondhost.tld:5060
    58 #alias=voip.secondhost.tld:5061
    60 #   enable TLS
    61 #https://confluence.terena.org/display/IPTelCB/3.5.2.+TLS+for+OpenSER+(UA-Proxy)
    62 #http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html
    63 #
    64 #Run 'openserctl tls rootCA' to create @l_prefix@/etc/openser/tls/rootCA/cacert.pem.
    65 #Run 'openserctl tls userCERT' to create user-calist.pem, user-cert.pem, user-cert_req.pem, and user-privkey.pem in @l_prefix@/etc/openser/tls/user/.
    66 #Copy @l_prefix@/etc/openser/tls/rootCA/cacert.pem to the client host.
    67 #On Windows XP client hosts, run 'certmgr.msc' to import the certificate into the root certificate store.
    68 #
    69 #disable_tls       = 0
    70 #tls_method        = TLSv1
    71 #tls_verify_server = 1
    72 #tls_verify_client = 1
    73 #tls_require_client_certificate = 1
    74 #tls_ciphers_list  = "HIGH:MEDIUM:!ADH"  # openssl ciphers -v HIGH:MEDIUM
    75 #tls_certificate = "@l_prefix@/etc/opensips/tls/user/user-cert.pem"
    76 #tls_private_key = "@l_prefix@/etc/opensips/tls/user/user-privkey.pem"
    77 #tls_ca_list = "@l_prefix@/etc/opensips/tls/user/user-calist.pem"
    80 #
    81 #   Extension Module Loading
    82 #   http://www.opensips.org/index.php?n=Resources.DocsModules
    83 #
    84 # set module path
    85 mpath="@l_prefix@/lib/opensips/modules/"
       # Modules loaded at startup. auth.so and auth_db.so are loaded, but the
       # only calls into them (proxy_authorize / www_authorize in the main
       # route) are commented out, so no request is challenged as shipped.
    87 loadmodule "sl.so"          # Stateless replier
    88 loadmodule "tm.so"          # Transaction stateful
    89 loadmodule "signaling.so"   # Signaling wrapper of sl/tm
    90 loadmodule "rr.so"          # Record Route and Route
    91 loadmodule "maxfwd.so"      # Maximum Forward processor
    92 loadmodule "db_text.so"     # Text backend for database API
    93 loadmodule "usrloc.so"      # User location implementation
    94 loadmodule "registrar.so"   # SIP Registrar implementation
    95 loadmodule "uri.so"         # Generic URI operation
    96 loadmodule "auth.so"        # Authentication Interface
    97 loadmodule "textops.so"     # Text based manipulations
    98 loadmodule "acc.so"         # Accounting
    99 loadmodule "auth_db.so"     # Database backend authentication
   100 loadmodule "mi_fifo.so"     # FIFO support for Management Interface
       # Optional modules, not loaded:
   101 #loadmodule "flatstore.so"   # Fast writing only text database
   102 #loadmodule "alias_db.so"    # Database aliases
   103 #loadmodule "domain.so"      # Multidomain support
   104 #loadmodule "nathelper.so"   # NAT traversal helper
   105 #loadmodule "enum.so"        # ENUM lookup
   108 #
   109 #   Extension Module Configuration
   110 #
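   111 # ----- dbtext params -----
   112 modparam("db_text", "db_mode", 0)  # caching for persistence
   114 # ----- multimodule params -----
       # usrloc, uri and auth_db share one db_text directory.
   115 modparam("usrloc|uri|auth_db", "db_url", "text://@l_prefix@/var/opensips/db")
   117 # ----- rr params -----
   118 modparam("rr", "append_fromtag", 1)  # important when using detect_direction
   120 # ----- usrloc params -----
   121 /* see 'multimodule params' as well */
   122 modparam("usrloc", "db_mode", 2)  # Write back database persistence scheme
   124 # ----- registrar params -----
   125 modparam("registrar", "max_contacts", 10)  # contacts per AOR allowed
   127 # ----- acc params -----
   128 /* see 'multimodule params' as well */
       # Accounting writes to the same db_text directory. The scheme is
       # "text://", matching the multimodule db_url above: db_text.so is the
       # only database backend loaded, and the former "dbtext://" spelling
       # did not match the scheme used for that backend elsewhere in this file.
   129 modparam("acc", "db_url", "text://@l_prefix@/var/opensips/db")
   130 #modparam("acc", "db_url", "flatstore:@l_prefix@/var/opensips/acc")
   131 modparam("acc", "early_media", 1)
   132 modparam("acc", "report_cancels", 1)
   133 modparam("acc", "detect_direction", 1)
   134 modparam("acc", "log_level", 2)
       # Flag numbers used by the routes: 1 = account the transaction,
       # 2 = also record missed calls, 4 = account even if it fails.
   135 modparam("acc", "log_flag", 1)
   136 modparam("acc", "log_missed_flag", 2)
   137 modparam("acc", "db_flag", 1)
   138 modparam("acc", "db_missed_flag", 2)
   139 modparam("acc", "failed_transaction_flag", 4)
   141 # ----- mi_fifo params -----
       # NOTE(review): the FIFO is the management interface; whoever can write
       # to it can issue management commands. Confirm the permissions of
       # @l_prefix@/var/opensips and consider setting fifo_mode explicitly.
   142 modparam("mi_fifo", "fifo_name", "@l_prefix@/var/opensips/opensips.fifo")
   143 modparam("mi_fifo", "reply_dir", "@l_prefix@/var/opensips/tmp/")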
   146 #
   147 #   Main Request Routing Logic
   148 #
   149 route {
           # Main request route. In order: diagnostics, sanity checks,
           # in-dialog requests, CANCEL, record-routing, relaying of requests
           # for other domains, then REGISTER handling and the user-location
           # lookup for requests addressed to this server.
   150     # message diagnostics
   151     #log(3, "new branch at $ru\n");
           # The values logged here are the method and URIs of the request,
           # i.e. text chosen by the sender.
   152     xlog("L_INFO", "$rm: Orig - $ou\n");
   153     xlog("L_INFO", "$rm: Req  - $ru\n");
   154     xlog("L_INFO", "$rm: To   - $tu\n");
   155     xlog("L_INFO", "$rm: Dest - $du\n");
   156     xlog("L_INFO", "$rm: From - $fu\n");
   158     # sanity checks
   159     if (!mf_process_maxfwd_header("10")) {  # avoid loops in forward logic
   160         sl_send_reply("483","Too Many Hops");
   161         exit;
   162     }
   163     if (msg:len > max_len) {  # repel DoS attacks
   164         sl_send_reply("513", "Message Too Large");
   165         exit;
   166     };
   168     # sequential request within a dialog should
   169     # take the path determined by record routing
           # A To-tag without a usable Route set is answered with 404
           # instead of being routed as a new request.
   170     if (has_totag()) {
   171         if (loose_route()) {
   172             if (is_method("BYE")) {
   173                 setflag(1); # do accounting...
   174                 setflag(4); # ...even if the transaction fails
   175             }
   176             # mark routing logic in request
   177             append_hf("P-hint: rr-enforced\r\n");
   178             route(1);
   179         } else {
   180             sl_send_reply("404", "Not Found");
   181         }
   182         exit;
   183     }
   185     #
   186     # initial requests
   187     #
           # A CANCEL is relayed only when it matches an existing transaction.
   188     if (is_method("CANCEL")) {  # CANCEL processing
   189         if (t_check_trans())
   190             t_relay();
   191         exit;
   192     }
   194     t_check_trans();
   196     # authenticate if from local subscriber (uncomment to enable auth)
           # NOTE(review): while this block stays commented out, no request is
           # challenged before the relay branch further down, so the proxy
           # forwards requests for other domains on behalf of any sender.
   197     #if (!is_method("REGISTER") && from_uri == myself) {
   198     #    if (!proxy_authorize("", "subscriber")) {
   199     #        proxy_challenge("", "0");
   200     #        exit;
   201     #    }
   202     #    if (!check_from()) {
   203     #        sl_send_reply("403","Forbidden");
   204     #        exit;
   205     #    }
   206     #
   207     #    consume_credentials();
   208     #    # caller authenticated
   209     #}
   211     #   record route all messages to ensure that subsequent messages
   212     #   will go through our proxy, particularly good if upstream
   213     #   and downstream entities use different transport protocol
   214     if (!is_method("REGISTER|MESSAGE")) {
   215         record_route();
   216     }
   218     # account only INVITEs
   219     if (is_method("INVITE")) {
   220         setflag(1);
   221     }
           # Request-URI does not name this server: tag the request and hand
           # it to route(1), which relays it and ends processing with exit.
   223     if (!uri == myself) {
   224     /* replace with following line if multidomain support is used */
   225     #if (!is_uri_host_local()) {
   226         append_hf("P-hint: outbound\r\n");
   227         # if you have some interdomain connections via TLS
   228         #if ($rd == "tls_domain1.net") {
   229         #    t_relay("tls:domain1.net");
   230         #    exit;
   231         #} else if ($rd == "tls_domain2.net") {
   232         #    t_relay("tls:domain2.net");
   233         #    exit;
   234         #}
   235         route(1);
   236     }
   238     #
   239     # requests for my domain
   240     #
           # Presence publication is not offered by this server.
   241     if (is_method("PUBLISH")) {
   242         sl_send_reply("503", "Service Unavailable");
   243         exit;
   244     }
   246     if (is_method("REGISTER")) {
   247         # authenticate the REGISTER requests (uncomment to enable auth)
               # NOTE(review): with the challenge commented out, save() below
               # stores the contacts of any REGISTER without checking who sent
               # it; enable www_authorize/check_to before exposing this
               # listener to untrusted networks.
   248         #if (!www_authorize("", "subscriber")) {
   249         #    www_challenge("", "0");
   250         #    exit;
   251         #}
   252         #
   253         #if (!check_to()) {
   254         #    sl_send_reply("403","Forbidden");
   255         #    exit;
   256         #}
   258         if (!save("location"))
   259             sl_reply_error();
   261         exit;
   262     }
   264     if ($rU == NULL) {
   265         # request with no Username in RURI
   266         sl_send_reply("484","Address Incomplete");
   267         exit;
   268     }
           # Resolve the Request-URI against the "location" table. Return
           # code 1 continues to the relay; each negative code is answered
           # with the reply shown in its case and ends processing.
   270     lookup("location");
   271     switch ($retcode) {
   272         case 1:
   273             append_hf("P-hint: usrloc applied\r\n");
   274             break;
   275         case -1:
   276             t_newtran();
   277             t_reply("404", "Not Found");
   278             exit;
   279         case -2:
   280             sl_send_reply("405", "Method Not Allowed");
   281             exit;
   282         case -3:
   283             t_newtran();
   284             t_reply("500", "Server Internal Error");
   285             exit;
   286     }
   288     setflag(2);  # when routing via usrloc then
   289     route(1);    # log the missed calls as well
   290 }
   293 #
   294 #   Secondary Request Routing Logic
   295 #
   296 route[1] {
           # Common relay step used by the main route: arms the per-INVITE
           # branch/reply/failure routes, relays statefully and always ends
           # script processing, so callers never continue after route(1).
   297     # for INVITEs enable some additional helper routes
   298     if (is_method("INVITE")) {
   299         t_on_branch("1");
   300         t_on_reply("1");
   301         t_on_failure("1");
   302     }
   304     # send with stateful forwarding which works reliably even for UDP2TCP
           # If the relay fails, the error is reported back statelessly.
   305     if (!t_relay())
   306         sl_reply_error();
   308     exit;  # safeguard
   309 }
   312 #
   313 #   Branch Request Routing Logic
   314 #
   315 branch_route[1] {
           # Armed by t_on_branch("1") for INVITEs; only logs the
           # Request-URI of the branch.
   316     xlog("L_INFO", "new branch at $ru\n");
   317 }
   320 #
   321 #   Reply Request Routing Logic
   322 #
   323 onreply_route[1] {
           # Armed by t_on_reply("1") for INVITEs; only logs that a reply
           # arrived. The commented lines are a disabled per-User-Agent
           # workaround that would append a ptime attribute to the SDP body.
   324     xlog("L_INFO", "incoming reply at $ru\n");
   325 #    if ($ua =~ fritz.box)
   326 #        xlog("L_ERR", "$rm: The Fritzbox replied!\n");
   327 #    if ($ua =~ fritz.box && has_body("application/sdp"))
   328 #        search_append_body("a=sendrecv.*", "\na=ptime:30");
   329 }
   332 #
   333 #   Failure Request Routing Logic
   334 #
   335 failure_route[1] {
           # Armed by t_on_failure("1") for INVITEs; logs the failure and
           # stops if the caller cancelled. Both optional behaviours below
           # are disabled.
   336     xlog("L_INFO", "failed route at $ru\n");
   337     if (t_was_cancelled())
   338         exit;
   340     # uncomment the following lines to block
   341     # client redirect based on 3xx replies
           # NOTE(review): while this stays commented out, 3xx replies from
           # the called side are not rewritten here and are passed on as
           # received - presumably to the caller; confirm that is intended.
   342     #if (t_check_status("3[0-9][0-9]")) {
   343     #t_reply("404","Not Found");
   344     #    exit;
   345     #}
   347     # uncomment the following lines to redirect
   348     # failed calls to a different new destination
   349     #if (t_check_status("486|408")) {
   350     #    sethostport("192.168.2.100:5060");
   351     #    append_branch();
   352     #    # do not set the missed call flag again
   353     #    t_relay();
   354     #}
   355 }
   358 #
   359 #   Local Request Routing Logic
   360 #
   361 local_route {
           # Presumably runs for requests generated by the server itself
           # (the BYE log text below says "internally generated").
           # INVITEs whose Request-URI matches "@foreign.tld" are tagged
           # with a P-hint header, after which the route stops.
   362     if (is_method("INVITE") && $ru=~"@foreign.tld") {
   363         append_hf("P-hint: foreign request\r\n");
   364         exit;
   365     }
   366     if (is_method("BYE"))
   367         xlog("L_INFO", "internally generated BYE\n");
   368 }
   371 #
   372 #   Error Request Routing Logic
   373 #
   374 error_route {
           # Logs the error details, the source address and the whole
           # message, then answers with the reply code and reason from $err.
   375     xlog("L_ERR", "error route class=$(err.class) level=$(err.level) info=$(err.info) rcode=$(err.rcode) rreason=$(err.rreason)\n");
   376     xlog("L_ERR", "error from [$si:$sp]\n");
           # NOTE(review): $mb is the complete message as received, so
           # sender-controlled text of any size up to max_len, including
           # any credential headers, is written to the log for every
           # message that ends up here; consider logging only the source
           # and error fields, or rate-limiting this line.
   377     xlog("L_ERR", "++++\n$mb\n++++\n");
   378     sl_send_reply("$err.rcode", "$err.rreason");
   379     exit;
   380 }
