oversip 0.9.0 → 0.9.1
- data/{AUTHORS.txt → AUTHORS} +0 -0
- data/{LICENSE.txt → LICENSE} +5 -2
- data/README.md +1 -1
- data/Rakefile +1 -1
- data/debian/changelog +5 -0
- data/debian/compat +1 -0
- data/debian/control +25 -0
- data/debian/copyright +25 -0
- data/debian/oversip.default +12 -0
- data/debian/oversip.init +203 -0
- data/debian/postinst +39 -0
- data/debian/postrm +10 -0
- data/debian/rules +66 -0
- data/etc/logic.rb +181 -0
- data/etc/oversip.conf +233 -0
- data/etc/proxies.conf +137 -0
- data/etc/tls/ca/cacert.pem +3825 -0
- data/etc/tls/demo-tls.oversip.net.crt +17 -0
- data/etc/tls/demo-tls.oversip.net.key +15 -0
- data/etc/tls/upgrade-cacert.sh +12 -0
- data/etc/tls/utils/create-cert.rb +162 -0
- data/etc/tls/utils/get-sip-identities.rb +95 -0
- data/etc/websocket_policy.rb +31 -0
- data/ext/stud/extconf.rb +3 -2
- data/lib/oversip/launcher.rb +3 -0
- data/lib/oversip/version.rb +1 -1
- data/{ext → thirdparty}/stud/stud.tar.gz +0 -0
- metadata +37 -18
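--- a/data/etc/oversip.conf
+++ b/data/etc/oversip.conf
@@ -0,0 +1,233 @@
+#
+# OverSIP - Configuration file.
+#
+#
+# IMPORTANT:
+# This is a YAML [1] format configuration file. DON'T USE tab for indentation
+# as it's not allowed and would raise unexpected errors. Instead, respect
+# the existing indentation spaces.
+# [1] http://en.wikipedia.org/wiki/YAML
+
+
+core:
+
+# DNS nameserver to use. Note that OverSIP requires a recursive DNS server
+# (recommended unbound: a DNS recursive and caching DNS resolver).
+# Value can be:
+# - An IPv4.
+# - An array of IPv4 (for failover).
+# - _null_: nameservers in /etc/resolv.conf are used.
+# Default value is _null_.
+#
+nameservers: 127.0.0.1
+
+# Syslog facility. Can be "user", "local0"..."local7".
+# By default "user".
+#
+syslog_facility: user
+
+# Syslog level. Can be "debug", "info", "notice", "warn", "error", "crit".
+# By default "info".
+#
+syslog_level: debug
+
+
+sip:
+
+# Use SIP over UDP. By default _yes_.
+#
+sip_udp: yes
+
+# Use SIP over TCP. By default _yes_.
+#
+sip_tcp: yes
+
+# Use SIP over TLS. By default _yes_.
+#
+sip_tls: yes
+
+# Enable or dissable IPv4. By default _yes_.
+#
+enable_ipv4: yes
+
+# IPv4 in which OverSIP listens for SIP messages. Using "0.0.0.0" is not
+# allowed.
+# - Use an IPv4 string for listening in that address.
+# - Use _null_ for IP autodiscovery.
+# Default value is _null_.
+#
+listen_ipv4: null
+
+# Enable or dissable IPv6. By default _yes_.
+#
+enable_ipv6: yes
+
+# IPv6 in which OverSIP listens for SIP messages. Using "::" is not
+# allowed.
+# - Use an IPv6 string for listening in that address.
+# - Use _null_ for IP autodiscovery.
+# Default value is _null_.
+#
+listen_ipv6: null
+
+# Listening port for SIP over UDP and TCP.
+# By default 5060.
+#
+listen_port: 5060
+
+# Listening port for SIP over TLS.
+# By default 5061.
+#
+listen_port_tls: 5061
+
+# By enabling this option OverSIP does not listen in SIP TLS but, instead,
+# runs an instance of Stud TLS proxy which communicates with OverSIP using
+# plain TCP.
+# By default _yes_.
+#
+use_tls_tunnel: yes
+
+# The port which listens for TCP traffic from the Stud TLS proxy running in
+# this host.
+# By default 5062.
+#
+listen_port_tls_tunnel: 5062
+
+# Local domains OverSIP is responsible for. Value can be:
+# - A domain.
+# - An array of domains.
+# - _null_: no one, just local IP's are matched as local destinations.
+# Default value is _null_.
+#
+# local domains: [ example.net, sip.example.org ]
+local_domains: null
+
+# TCP keepalive interval (in seconds).
+# When acting as a TCP server, OverSIP sends TCP packets with null data payload
+# as described in http://tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/.
+# If not set, TCP keepalive is dissabled.
+# Minimun value is 180 seconds. Default value is _null_ (not enabled).
+#
+tcp_keepalive_interval: 300
+
+# Use a hostname for Record-Route/Path header when using TLS or WSS transports
+# over IPv4 (rather than using the server IP). This is good when a peer
+# sends us an in-dialog request via TLS so it could check whether the host part
+# of the top Route header matches a domain in the certificate we provide to it.
+# If not set, the server IPv4 will be used.
+# Default value is _null_ (IPv4 is used).
+#
+# record_route_hostname_tls_ipv4: outbound.example.net
+record_route_hostname_tls_ipv4: null
+
+# The same for IPv6.
+# If not set, the server IPv6 will be used.
+# Default value is _null_ (IPv6 is used).
+#
+# record_route_hostname_tls_ipv6: outbound.example.net
+record_route_hostname_tls_ipv6: null
+
+
+websocket:
+
+# Use SIP over WebSocket. By default _yes_.
+#
+sip_ws: yes
+
+# Use SIP over WebSocket with TLS. By default _yes_.
+#
+sip_wss: yes
+
+# Enable or dissable IPv4. By default _yes_.
+#
+enable_ipv4: yes
+
+# IPv4 in which OverSIP listens for WebSocket messages. Using "0.0.0.0" is not
+# allowed.
+# - Use an IPv4 string for listening in that address.
+# - Use _null_ for IP autodiscovery.
+# Default value is _null_.
+#
+listen_ipv4: null
+
+# Enable or dissable IPv6. By default _yes_.
+enable_ipv6: yes
+
+# IPv6 in which OverSIP listens for SIP messages. Using "::" is not
+# allowed.
+# - Use an IPv6 string for listening in that address.
+# - Use _null_ for IP autodiscovery.
+# Default value is _null_.
+#
+listen_ipv6: null
+
+# Listening port for WebSocket over HTTP.
+# By default 10080.
+#
+listen_port: 10080
+
+# Listening port for WebSocket over HTTPS.
+# By default 10443.
+#
+listen_port_tls: 10443
+
+# By enabling this option OverSIP does not listen in WebSocket TLS but, instead,
+# runs an instance of Stud TLS proxy which communicates with OverSIP using
+# plain TCP.
+# By default _yes_.
+#
+use_tls_tunnel: yes
+
+# The port which listens for TCP traffic from the Stud TLS proxy running in
+# this host.
+# By default 10444.
+#
+listen_port_tls_tunnel: 10444
+
+# WebSocket message max size (bytes). By default 65536.
+#
+max_ws_message_size: 65536
+
+# WebSocket frame max size (bytes). By default 65536.
+#
+max_ws_frame_size: 65536
+
+# WebSocket PING frames interval (in seconds).
+# If set, OverSIP sends WebSocket PING control frames as the given interval.
+# Minimun value is 180. Default value is _null_.
+#
+ws_keepalive_interval: 300
+
+
+# TLS parameters affect to any interface of OverSIP using TLS, including SIP and WebSocket.
+tls:
+
+# Server TLS public certificate. It must be the name of a readable file containing a
+# chain of X509 certificates in PEM format, with the most-resolved certificate at the
+# top of the file, successive intermediate certs in the middle, and the root (or CA)
+# cert at the bottom.
+# If not set, TLS is dissabled. Default value is _null_.
+# If a relative path is given, it's searched under the tls/ directoy in the OverSIP
+# configuration directory (typically /etc/oversip/).
+#
+public_cert: demo-tls.oversip.net.crt
+
+# Server TLS private certificate. It must be the name of a readable file containing a
+# private key in the PEM format.
+# If not set, TLS is dissabled. Default value is _null_.
+# If a relative path is given, it's searched under the tls/ directoy in the OverSIP
+# configuration directory (typically /etc/oversip/).
+# NOTE: The private key MUST NOT require password.
+#
+private_cert: demo-tls.oversip.net.key
+
+# Directory of TLS CAs. It must be the name of a readable directory. Every file in
+# that directory will be inspected and every X509 certificate in PEM format extracted.
+# This is useful for storing the list of trusted CAs (i.e. http://curl.haxx.se/ca/cacert.pem)
+# or CAs not in a standard trust hierarchy.
+# This is *required* for validating certificates provided by remote peers.
+# If _null_ this feature is dissabled. Default value is _null_.
+# If a relative path is given, it's searched under the tls/ directoy in the OverSIP
+# configuration directory (typically /etc/oversip/).
+#
+ca_dir: ca/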
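Review bot: The `tls:` settings at new lines 213 and 222 point `public_cert` and `private_cert` at `demo-tls.oversip.net.crt` and `demo-tls.oversip.net.key`, and the diffstat shows that key file being added to the published package in this same release, so an install that keeps these defaults serves SIP-TLS and WSS with a private key anyone can download. Both options document `_null_` as their default, so I would ship `public_cert: null` and `private_cert: null` and keep the demo names only as a commented example, or at the very least add `# WARNING: the demo key pair is published with this package; replace both files before enabling TLS.` above them. How `sip_tls: yes` and `sip_wss: yes` behave with null certificates is not visible here and should be checked before changing the defaults. Separately, `syslog_level: debug` at line 32 departs from the documented default "info" and is worth reverting in a packaged config.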
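--- a/data/etc/proxies.conf
+++ b/data/etc/proxies.conf
@@ -0,0 +1,137 @@
+#
+# OverSIP - Proxies configuration.
+#
+#
+# IMPORTANT:
+# This is a YAML [1] format configuration file. DON'T USE tab for indentation
+# as it's not allowed and would raise unexpected errors. Instead, respect
+# the existing indentation spaces.
+# [1] http://en.wikipedia.org/wiki/YAML
+
+
+# Default proxy configuration.
+#
+default_proxy:
+
+# Loose-Routing.
+# For initial INVITE, SUBSCRIBE and REFER requests the proxy adds Record-Route header(s).
+# For REGISTER requests the proxy adds Path header(s).
+# By default _yes_.
+#
+do_loose_routing: yes
+
+# Enable DNS cache. By default _yes_.
+#
+use_dns_cache: yes
+
+# DNS cache time (in seconds). A DNS result is removed from the cache after the given time.
+# Minimum value is 300. Default value is 300.
+#
+dns_cache_time: 300
+
+# Use DNS NAPTR. If set, NAPTR query is performed when URI host is a domain, has no port nor
+# ;transport param.
+# Default value is _yes_.
+#
+use_naptr: yes
+
+# Use DNS SRV. If set, SRV query is performed when URI host is a domain and has no port,
+# If this is set to _no_ then _use_naptr_ is also set to _no_.
+# Default value is _yes_.
+#
+use_srv: yes
+
+# Transport preference. The list of supported transports in order of preference.
+# When there is NAPTR record, its SRV records are tryed in this order just in the case
+# _force_transport_preference_ is _yes_.
+# If there is not NAPTR record, SRV records are then tryed in this order.
+# Valid transports are "udp", "tcp" and "tls".
+# Default value is ["tls", "tcp", "udp"] (first try "tls").
+#
+transport_preference: ["tls", "tcp", "udp"]
+
+# Force transport preference. If _no_, transport preference is taken from NAPTR records
+# (when present). If _yes_, transport preferences are taken from transport_preference
+# parameter even for NAPTR records.
+# Default value is _no_.
+#
+force_transport_preference: no
+
+# IP type preference. When both IPv4 and IPv6 are available, this parameter determines
+# whether to try first DNS A or AAAA queries. It also determines the IP type this proxy
+# is allowed to use for routing requests.
+# Valid IP types are "ipv4" and "ipv6".
+# Default value is ["ipv4", "ipv6"] (first try "ipv4").
+#
+ip_type_preference: ["ipv4", "ipv6"]
+
+# DNS failover on received 503.
+# RFC 3261 section 16.7 "Response Processing" states that a proxy receiving a 503 MUST
+# convert it into a 500 (unless certain cases). We make it optional.
+# Default value is _yes_.
+#
+dns_failover_on_503: yes
+
+# INVITE transaction timeout timer (in seconds).
+# Time waiting for a provisional or final response.
+# Minimum value is 2, maximum value is 64.
+# Default value is 32.
+#
+timer_B: 32
+
+# Proxy INVITE transaction timeout timer (in seconds).
+# Time waiting for a final response.
+# Minimum value is 8, maximum value is 180.
+# Default value is 120.
+#
+timer_C: 120
+
+# Non-INVITE transaction timeout timer (in seconds).
+# Time waiting for a final response.
+# Minimum value is 2, maximum value is 64.
+# Default value is 32.
+#
+timer_F: 32
+
+# Validate TLS certificate from the contacted server (just when using TLS transport).
+# If set to _yes_, the contacted server MUST present a valid certificate. The connection
+# will be inmediately closed otherwise and a 500 error locally generated.
+# NOTE: This does not match the SIP request destination host agains the hosts asserted by
+# the certificate. This just performs TLS certificate pure validation.
+# Default value is _no_.
+tls_validation: no
+
+
+# Proxy configuration for routing in-dialog requests.
+#
+proxy_in_dialog:
+
+use_dns: yes
+use_dns_cache: yes
+dns_cache_time: 300
+use_naptr: no
+use_srv: no
+timer_B: 32
+timer_C: 60
+timer_F: 32
+
+
+# Proxy configuration for routing initial requests to clients.
+proxy_to_users:
+
+use_dns: no
+dns_failover_on_503: no
+timer_B: 32
+timer_F: 32
+
+
+# Proxy configuration for routing initial requests to the external world.
+proxy_out:
+
+dns_failover_on_503: yes
+timer_B: 6
+timer_C: 60
+timer_F: 6
+
+
+# Add your own proxy configurations here.
+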
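Review bot: `tls_validation: no` at new line 102 of `default_proxy` makes outbound TLS connections accept any server certificate, even though `transport_preference` tries "tls" first and the diffstat shows a CA bundle shipped under `etc/tls/ca/`. The comment above it adds that `yes` still does not compare the request's destination host with the names in the certificate, so even the stricter setting only proves the chain reaches a trusted CA, not that the peer is the intended host. I would ship `tls_validation: yes`, or at minimum extend the comment with `# With _no_ the remote server is not authenticated; TLS then only encrypts the hop.` and record the missing hostname check as a known limitation. Whether `proxy_in_dialog`, `proxy_to_users` and `proxy_out` inherit this value from `default_proxy` is not visible in this section and should be confirmed.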