oversip 0.9.0 → 0.9.1

data/etc/oversip.conf

@@ -0,0 +1,233 @@
+#
+# OverSIP - Configuration file.
+#
+#
+# IMPORTANT:
+#   This is a YAML [1] format configuration file. DON'T USE tab for indentation
+#   as it's not allowed and would raise unexpected errors. Instead, respect
+#   the existing indentation spaces.
+#   [1] http://en.wikipedia.org/wiki/YAML
+
+
+core:
+
+  # DNS nameserver to use. Note that OverSIP requires a recursive DNS server
+  # (recommended unbound: a DNS recursive and caching DNS resolver).
+  # Value can be:
+  # - An IPv4.
+  # - An array of IPv4 (for failover).
+  # - _null_: nameservers in /etc/resolv.conf are used.
+  # Default value is _null_.
+  #
+  nameservers: 127.0.0.1
+
+  # Syslog facility. Can be "user", "local0"..."local7".
+  # By default "user".
+  #
+  syslog_facility: user
+
+  # Syslog level. Can be "debug", "info", "notice", "warn", "error", "crit".
+  # By default "info".
+  #
+  syslog_level: debug
+
+
+sip:
+
+  # Use SIP over UDP. By default _yes_.
+  #
+  sip_udp: yes
+
+  # Use SIP over TCP. By default _yes_.
+  #
+  sip_tcp: yes
+
+  # Use SIP over TLS. By default _yes_.
+  #
+  sip_tls: yes
+
+  # Enable or dissable IPv4. By default _yes_.
+  #
+  enable_ipv4: yes
+
+  # IPv4 in which OverSIP listens for SIP messages. Using "0.0.0.0" is not
+  # allowed.
+  # - Use an IPv4 string for listening in that address.
+  # - Use _null_ for IP autodiscovery.
+  # Default value is _null_.
+  #
+  listen_ipv4: null
+
+  # Enable or dissable IPv6. By default _yes_.
+  #
+  enable_ipv6: yes
+
+  # IPv6 in which OverSIP listens for SIP messages. Using "::" is not
+  # allowed.
+  # - Use an IPv6 string for listening in that address.
+  # - Use _null_ for IP autodiscovery.
+  # Default value is _null_.
+  #
+  listen_ipv6: null
+
+  # Listening port for SIP over UDP and TCP.
+  # By default 5060.
+  #
+  listen_port: 5060
+
+  # Listening port for SIP over TLS.
+  # By default 5061.
+  #
+  listen_port_tls: 5061
+
+  # By enabling this option OverSIP does not listen in SIP TLS but, instead,
+  # runs an instance of Stud TLS proxy which communicates with OverSIP using
+  # plain TCP.
+  # By default _yes_.
+  #
+  use_tls_tunnel: yes
+
+  # The port which listens for TCP traffic from the Stud TLS proxy running in
+  # this host.
+  # By default 5062.
+  #
+  listen_port_tls_tunnel: 5062
+
+  # Local domains OverSIP is responsible for.  Value can be:
+  # - A domain.
+  # - An array of domains.
+  # - _null_: no one, just local IP's are matched as local destinations.
+  # Default value is _null_.
+  #
+  # local domains: [ example.net, sip.example.org ]
+  local_domains: null
+
+  # TCP keepalive interval (in seconds).
+  # When acting as a TCP server, OverSIP sends TCP packets with null data payload
+  # as described in http://tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/.
+  # If not set, TCP keepalive is dissabled.
+  # Minimun value is 180 seconds. Default value is _null_ (not enabled).
+  #
+  tcp_keepalive_interval: 300
+
+  # Use a hostname for Record-Route/Path header when using TLS or WSS transports
+  # over IPv4 (rather than using the server IP). This is good when a peer
+  # sends us an in-dialog request via TLS so it could check whether the host part
+  # of the top Route header matches a domain in the certificate we provide to it.
+  # If not set, the server IPv4 will be used.
+  # Default value is _null_ (IPv4 is used).
+  #
+  # record_route_hostname_tls_ipv4: outbound.example.net
+  record_route_hostname_tls_ipv4: null
+
+  # The same for IPv6.
+  # If not set, the server IPv6 will be used.
+  # Default value is _null_ (IPv6 is used).
+  #
+  # record_route_hostname_tls_ipv6: outbound.example.net
+  record_route_hostname_tls_ipv6:  null
+
+
+websocket:
+
+  # Use SIP over WebSocket. By default _yes_.
+  #
+  sip_ws: yes
+
+  # Use SIP over WebSocket with TLS. By default _yes_.
+  #
+  sip_wss: yes
+
+  # Enable or dissable IPv4. By default _yes_.
+  #
+  enable_ipv4: yes
+
+  # IPv4 in which OverSIP listens for WebSocket messages. Using "0.0.0.0" is not
+  # allowed.
+  # - Use an IPv4 string for listening in that address.
+  # - Use _null_ for IP autodiscovery.
+  # Default value is _null_.
+  #
+  listen_ipv4: null
+
+  # Enable or dissable IPv6. By default _yes_.
+  enable_ipv6: yes
+
+  # IPv6 in which OverSIP listens for SIP messages. Using "::" is not
+  # allowed.
+  # - Use an IPv6 string for listening in that address.
+  # - Use _null_ for IP autodiscovery.
+  # Default value is _null_.
+  #
+  listen_ipv6: null
+
+  # Listening port for WebSocket over HTTP.
+  # By default 10080.
+  #
+  listen_port: 10080
+
+  # Listening port for WebSocket over HTTPS.
+  # By default 10443.
+  #
+  listen_port_tls: 10443
+
+  # By enabling this option OverSIP does not listen in WebSocket TLS but, instead,
+  # runs an instance of Stud TLS proxy which communicates with OverSIP using
+  # plain TCP.
+  # By default _yes_.
+  #
+  use_tls_tunnel: yes
+
+  # The port which listens for TCP traffic from the Stud TLS proxy running in
+  # this host.
+  # By default 10444.
+  #
+  listen_port_tls_tunnel: 10444
+
+  # WebSocket message max size (bytes). By default 65536.
+  #
+  max_ws_message_size: 65536
+
+  # WebSocket frame max size (bytes). By default 65536.
+  #
+  max_ws_frame_size: 65536
+
+  # WebSocket PING frames interval (in seconds).
+  # If set, OverSIP sends WebSocket PING control frames as the given interval.
+  # Minimun value is 180. Default value is _null_.
+  #
+  ws_keepalive_interval: 300
+
+
+# TLS parameters affect to any interface of OverSIP using TLS, including SIP and WebSocket.
+tls:
+
+  # Server TLS public certificate. It must be the name of a readable file containing a
+  # chain of X509 certificates in PEM format, with the most-resolved certificate at the
+  # top of the file, successive intermediate certs in the middle, and the root (or CA)
+  # cert at the bottom.
+  # If not set, TLS is dissabled. Default value is _null_.
+  # If a relative path is given, it's searched under the tls/ directoy in the OverSIP
+  # configuration directory (typically /etc/oversip/).
+  #
+  public_cert: demo-tls.oversip.net.crt
+
+  # Server TLS private certificate. It must be the name of a readable file containing a
+  # private key in the PEM format.
+  # If not set, TLS is dissabled. Default value is _null_.
+  # If a relative path is given, it's searched under the tls/ directoy in the OverSIP
+  # configuration directory (typically /etc/oversip/).
+  # NOTE: The private key MUST NOT require password.
+  #
+  private_cert: demo-tls.oversip.net.key
+
+  # Directory of TLS CAs. It must be the name of a readable directory. Every file in
+  # that directory will be inspected and every X509 certificate in PEM format extracted.
+  # This is useful for storing the list of trusted CAs (i.e. http://curl.haxx.se/ca/cacert.pem)
+  # or CAs not in a standard trust hierarchy.
+  # This is *required* for validating certificates provided by remote peers.
+  # If _null_ this feature is dissabled. Default value is _null_.
+  # If a relative path is given, it's searched under the tls/ directoy in the OverSIP
+  # configuration directory (typically /etc/oversip/).
+  #
+  ca_dir: ca/

data/etc/proxies.conf

@@ -0,0 +1,137 @@
+#
+# OverSIP - Proxies configuration.
+#
+#
+# IMPORTANT:
+#   This is a YAML [1] format configuration file. DON'T USE tab for indentation
+#   as it's not allowed and would raise unexpected errors. Instead, respect
+#   the existing indentation spaces.
+#   [1] http://en.wikipedia.org/wiki/YAML
+
+
+# Default proxy configuration.
+#
+default_proxy:
+
+  # Loose-Routing.
+  # For initial INVITE, SUBSCRIBE and REFER requests the proxy adds Record-Route header(s).
+  # For REGISTER requests the proxy adds Path header(s).
+  # By default _yes_.
+  #
+  do_loose_routing: yes
+
+  # Enable DNS cache. By default _yes_.
+  #
+  use_dns_cache: yes
+
+  # DNS cache time (in seconds). A DNS result is removed from the cache after the given time.
+  # Minimum value is 300. Default value is 300.
+  #
+  dns_cache_time: 300
+
+  # Use DNS NAPTR. If set, NAPTR query is performed when URI host is a domain, has no port nor
+  # ;transport param.
+  # Default value is _yes_.
+  #
+  use_naptr: yes
+
+  # Use DNS SRV. If set, SRV query is performed when URI host is a domain and has no port,
+  # If this is set to _no_ then _use_naptr_ is also set to _no_.
+  # Default value is _yes_.
+  #
+  use_srv: yes
+
+  # Transport preference. The list of supported transports in order of preference.
+  # When there is NAPTR record, its SRV records are tryed in this order just in the case
+  # _force_transport_preference_ is _yes_.
+  # If there is not NAPTR record, SRV records are then tryed in this order.
+  # Valid transports are "udp", "tcp" and "tls".
+  # Default value is ["tls", "tcp", "udp"] (first try "tls").
+  #
+  transport_preference: ["tls", "tcp", "udp"]
+
+  # Force transport preference. If _no_, transport preference is taken from NAPTR records
+  # (when present). If _yes_, transport preferences are taken from transport_preference
+  # parameter even for NAPTR records.
+  # Default value is _no_.
+  #
+  force_transport_preference: no
+
+  # IP type preference. When both IPv4 and IPv6 are available, this parameter determines
+  # whether to try first DNS A or AAAA queries. It also determines the IP type this proxy
+  # is allowed to use for routing requests.
+  # Valid IP types are "ipv4" and "ipv6".
+  # Default value is ["ipv4", "ipv6"] (first try "ipv4").
+  #
+  ip_type_preference: ["ipv4", "ipv6"]
+
+  # DNS failover on received 503.
+  # RFC 3261 section 16.7 "Response Processing" states that a proxy receiving a 503 MUST
+  # convert it into a 500 (unless certain cases). We make it optional.
+  # Default value is _yes_.
+  #
+  dns_failover_on_503: yes
+
+  # INVITE transaction timeout timer (in seconds).
+  # Time waiting for a provisional or final response.
+  # Minimum value is 2, maximum value is 64.
+  # Default value is 32.
+  #
+  timer_B: 32
+
+  # Proxy INVITE transaction timeout timer (in seconds).
+  # Time waiting for a final response.
+  # Minimum value is 8, maximum value is 180.
+  # Default value is 120.
+  #
+  timer_C: 120
+
+  # Non-INVITE transaction timeout timer (in seconds).
+  # Time waiting for a final response.
+  # Minimum value is 2, maximum value is 64.
+  # Default value is 32.
+  #
+  timer_F: 32
+
+  # Validate TLS certificate from the contacted server (just when using TLS transport).
+  # If set to _yes_, the contacted server MUST present a valid certificate. The connection
+  # will be inmediately closed otherwise and a 500 error locally generated.
+  # NOTE: This does not match the SIP request destination host agains the hosts asserted by
+  # the certificate. This just performs TLS certificate pure validation.
+  # Default value is _no_.
+  tls_validation: no
+
+
+# Proxy configuration for routing in-dialog requests.
+#
+proxy_in_dialog:
+
+  use_dns: yes
+  use_dns_cache: yes
+  dns_cache_time: 300
+  use_naptr: no
+  use_srv: no
+  timer_B: 32
+  timer_C: 60
+  timer_F: 32
+
+
+# Proxy configuration for routing initial requests to clients.
+proxy_to_users:
+
+  use_dns: no
+  dns_failover_on_503: no
+  timer_B: 32
+  timer_F: 32
+
+
+# Proxy configuration for routing initial requests to the external world.
+proxy_out:
+
+  dns_failover_on_503: yes
+  timer_B: 6
+  timer_C: 60
+  timer_F: 6
+
+
+# Add your own proxy configurations here.