Servers started by default when '--server' is not specified in the command line. Possible values are: 'proxy', 'presence', 'conference', 'regevent', 'b2bua' and 'voicemail'. Each value must be separated by a whitespace.

Automatically respawn Flexisip in case of abnormal termination (crashes). This only has an effect if Flexisip is launched with '--daemon' option

Path to the directory that contains plugins.

Plugins to load.
The list of installed plugins can be found at <prefix>/lib/flexisip/plugins.
The name of a plugin can be built from the corresponding library name by removing the extension and the 'lib' prefix.
Example: 'test' will load libtest.so at runtime.

Generate a core dump on crash.
On GNU/Linux, the action to do on core dump is defined by the kernel file '/proc/sys/kernel/core_pattern'.
On recent distributions like RHEL 8, the generated core dumps are given by default to the core manager of SystemD. Core dumps can easily be listed by using the coredumpctl(1) command.
On older distributions, core dumps are often written in the root ('/') directory. If your root directory has little available space, it is recommended to relocate your core dumps in another place by modifying the 'core_pattern' file on system boot. This can be done by adding the following line in '/etc/rc.local':
    echo '/home/cores/core.%e.%t.%p' > /proc/sys/kernel/core_pattern

See core(5) manual for more information about core handling on GNU/Linux.

Enable SNMP.

Path to the directory where log files will be created.
WARNING: Flexisip has no embedded log rotation system but provides a configuration file for logrotate.
Please make sure that logrotate is installed and running on your system in order to have Flexisip's logs rotated. Log rotation can be customized by editing /etc/logrotate.d/flexisip-logrotate.

Name of the log file
.The string '{server}' is a placeholder that is replaced with the corresponding server type. If several server types are specified, then '{server}' will be replaced by the concatenation of all server types separated by a '+' character.
Example: 'proxy+presence'.

Logging verbosity.
Possible values are: 'debug', 'message', 'warning' and 'error'

Syslog logging verbosity.
Possible values are: 'debug', 'message', 'warning' and 'error'

Sofia-SIP logging verbosity.
These logs are only displayed if 'log-level' is set to 'debug' or if the program is started with the '-d' (--debug) option. The verbosity levels range from 1 to 9:
    1 -> Critical errors
    2 -> Non-critical errors
    3 -> Warnings and progress messages
    5 -> Signaling protocol actions
    7 -> Media protocol actions
    9 -> Entering/exiting functions

Log user errors (on a different logging domain).
Examples: authentication operations, registration events, requests routing, etc...

A boolean expression applied to the processing of all SIP requests.
When the expression evaluates to 'true', use the 'contextual-log-level' logging level for all the logs generated during the processing of the current request. This is useful to debug a certain scenario on a production environment.
The definition of SIP boolean expressions is the same as for entry filters of modules, which is documented here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/

Logging verbosity of contextual logs.

A boolean expression applied to the processing of all SIP requests.
When the expression evaluates to 'true', log the request body. Cannot be empty, use 'true' or 'false' instead.
The definition of SIP boolean expressions is documented here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/
Example: content-type == 'application/sdp' && request.method == 'MESSAGE'

List of whitespace separated SIP URIs where the proxy must listen.
Wildcard  means 'all local ip addresses'. If the 'transport' parameter is not specified, the server will listen on both UDP and TCP transports.

A local address to bind onto can be specified using the 'maddr' SIP URI parameter. The domain part of SIP URIs are used as public domain or ip address.

The 'network' SIP URI parameter can be used to instruct Flexisip which transport to use to correctly route requests to destinations. This is particularly useful when Flexisip is deployed on complex network infrastructures or needs to route requests to a local back-end server. The parameter takes a comma-separated list of network addresses in CIDR notation. Example: 'network=10.0.1.0/24,192.168.1.0/24'. The 'network' parameter is not supported with the '*' host or IPv6 transports. The default value for this parameter is '0.0.0.0/0' (when the parameter is empty for IPv4 transports).

The 'sips' transport definition accepts some optional parameters:
 - 'tls-certificates-dir': path, has the same meaning as the 'tls-certificates-dir' parameter of this section (overriding only applies for the current SIP URI).
 - 'tls-certificates-file': file path, has the same meaning as the 'tls-certificates-file' parameter of this section (overriding only applies for the current SIP URI).
 - 'tls-certificates-private-key': file path, has the same meaning as the 'tls-certificates-private-key' parameter of this section (overriding only applies for the current SIP URI).
 - 'tls-certificates-ca-file': file path, has the same meaning as the 'tls-certificates-ca-file' parameter of this section (overriding only applies for the current SIP URI).
 - 'tls-verify-incoming': value in {'0', '1'}, indicates whether clients are required to present a valid client certificate or not (defaults to '0').
 - 'tls-allow-missing-client-certificate': value in {'0', '1'}, allow connections from clients that have no certificate even if `tls-verify-incoming` is enabled (useful if you want Flexisip to ask for a client certificate but do not fail if the client cannot provide one).
 - 'tls-verify-outgoing': value in {'0', '1'}, whether Flexisip should verify the peer certificate when it creates an outgoing TLS connection to another server (defaults to '1').
 - 'require-peer-certificate': (deprecated) same as 'tls-verify-incoming'

It is HIGHLY RECOMMENDED to specify a canonical name for 'sips' transports, so that the proxy can advertise this information in 'Record-Route' headers, which allows TLS cname verifications to be performed by clients.
Specifying a SIP URI with 'transport=tls' is not allowed: the 'sips' scheme must be used instead. As requested by SIP RFC, IPv6 addresses must be enclosed within brackets.

Here are some examples to understand:
 - listen on all local interfaces for UDP and TCP, on standard port:
 transports=sip:*
 - listen on all local interfaces for UDP, TCP and TLS, on standard ports:
 transports=sip:* sips:*
 - listen only a specific IPv6 interface, on standard ports, with UDP, TCP and TLS
 transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
 - listen on TLS localhost with 2 different ports and SSL certificates:
 transports=sips:localhost:5061;tls-certificates-dir=path_a sips:localhost:5062;tls-certificates-dir=path_b
 - listen on TLS localhost with 2 peer certificate requirements:
 transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls-verify-incoming=1
 - listen on 192.168.0.29:6060 with TLS, but public hostname is 'sip.linphone.org' used in SIP requests. The binding address will not appear in requests:
 transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
 - listen on public interface as well as on local network to reach a back-end server:
 transports=sip:sip.example.org:5080;maddr=10.0.1.1 sip:localhost:5080;network=10.0.1.0/24

List of whitespace separated host names pointing to this machine.
This is to prevent loops while routing SIP requests.

Time interval after which inactive connections are closed.

Time interval for sending "\r\n\r\n" keepalive packets on inbound and outbound connections.
The main purpose of sending keepalive packets is to keep connections alive across NATs. It also helps to detect silently broken connections which can reduce the number of socket descriptors used by Flexisip. A value of zero deactivates this feature

Time interval for sending "\r\n\r\n" keepalive packets for proxy-to-proxy connections.
Indeed, while it is undesirable to send frequent keepalive packets to mobile clients (it drains their battery), sending frequent keepalive packets has proven to be helpful to keep connections up between proxy nodes in a very popular US virtualized datacenter. A value of zero deactivates this feature.

SIP transaction timeout.
Set to T1*64 by default.

The UDP MTU.
Flexisip will fallback to TCP when sending a request whose size exceeds the UDP MTU. Please read https://sofia-sip.sourceforge.net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a for more details. If sending large packets over UDP is not a problem, then set a big value such as 65535. Unlike the recommendation of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead of 1300).

Maximum number of bytes read at once when extracting data from a TCP socket. WARNING: a SIP request (headers + body) cannot exceed this amount of bytes otherwise the parsing will fail

Bind address for all RTP streams (MediaRelay and Transcoder).
This parameter is only useful for some specific networks, keeping the default value is recommended.

Interval at which the server will check if TLS certificates have been updated. Apply update once detected.

Path to the file containing the server certificate chain.
The file must be in PEM format, see OpenSSL SSL_CTX_use_certificate_chain_file documentation. If used, 'tls-certificates-private-key' MUST be set.

Path to the file containing the private key.
See OpenSSL SSL_CTX_use_PrivateKey_file documentation. If used, 'tls-certificates-file' MUST be set.

Path to the file containing CA certificates.
See OpenSSL SSL_CTX_load_verify_locations and SSL_CTX_set_client_CA_list documentation. Can be empty.

Cipher strings to pass to OpenSSL in order to limit the cipher suites to use while establishing TLS sessions.
Please take a look at ciphers(1) UNIX manual to get the list of supported keywords by your current version of OpenSSL. You might visit https://www.openssl.org/docs/manmaster/man1/ciphers.html too. The default value set by Flexisip should provide a high level of security while keeping an acceptable level of interoperability with currently deployed clients on the market.

Ask for client certificate on TLS session establishing.

Unique ID used to identify this Flexisip instance.
It must be a randomly generated 16-sized hexadecimal number. If empty, it will be generated each time Flexisip starts.

Number of SIP requests that Sofia-SIP can queue in a transport (a connection). It is 64 by default, hardcoded in Sofia-SIP (Sofia-SIP also used to hardcode a maximum value of 1000). This is not sufficient for instant messaging applications.

Interval between logs about server memory usage.
This feature periodically logs the value occupied in RAM by the process (VmRSS). These logs use debug level.
Only works on Linux.
Set to 0 in order to disable the feature.

Tells the server how to retrieve advanced options for user accounts:
 - 'flexiapi' keyword to use the HTTP server that implements the FlexiAPI (configure access in the [global::flexiapi] section)
 - path to a json file containing the account settings
 An empty string disables support for advanced account options.

Flexisip version.

Retrieve current runtime error state.