Documentation based on repostory git version commit 2.1.0-alpha-185-g9bf71c35 

Global

Some global settings of the flexisip proxy.
----

Configuration options:

NameDescriptionDefault ValueType
default-servers

Servers started by default when no --server option is specified on command line. Possible values are 'proxy', 'presence', 'conference', 'regevent' separated by whitespaces.

 proxyStringList
auto-respawn

Automatically respawn flexisip in case of abnormal termination (crashes). This has an effect if Flexisip has been launched with '--daemon' option only

 trueBoolean
plugins-dir

Path to the directory where plugins can be found.

 /opt/belledonne-communications/lib/flexisip/pluginsString
plugins

Plugins to load. Look at <prefix>/lib/flexisip/plugins to know the list of installed plugin. The name of a plugin can be derivated from the according library name by striping out the extension part and the leading 'lib' prefix.
E.g. putting 'jweauth' in this setting will make libjweauth.so library to be load on runtime.

 StringList
dump-corefiles

Generate a corefile when crashing. Note that by default linux will generate coredumps in '/' which is not so convenient. The following shell command can be added to /etc/rc.local in order to write core dumps a in specific directory, for example /home/cores:
 echo "/home/cores/core.%e.%t.%p" >/proc/sys/kernel/core_pattern

 falseBoolean
enable-snmp

Enable SNMP.

 falseBoolean
log-directory

Directory where to create log files. Create logs are named as 'flexisip-<server_type>.log'. If If several server types have been specified by '--server' option or 'global/default-servers' parameter, then <server_type> is expanded by a concatenation of all the server types joined with '+' character.
WARNING: Flexisip has no embedded log rotation system but provides a configuration file for logrotate. Please ensure that logrotate is installed and running on your system if you want to have Flexisip's logs rotated. Log rotation can be customized by editing /etc/logrotate.d/flexisip-logrotate.

 /var/opt/belledonne-communications/log/flexisipString
log-filename

Name of the log file. Any occurences of '{server}' will be replaced by the server type which has been given by '--server' option or 'default-servers' parameter. If several server types have been given, then '{server}' will be replaced by the concatenation of these separated by '+' character (e.g. 'proxy+presence')

 flexisip-{server}.logString
log-level

Log file verbosity. Possible values are debug, message, warning and error

 errorString
syslog-level

Syslog verbosity. Possible values are debug, message, warning and error

 errorString
user-errors-logs

Log (on a different log domain) user errors like authentication, registration, routing, etc...

 falseBoolean
contextual-log-filter

A boolean expression applied to current SIP message being processed. When matched, logs are output provided that there level is greater than the value defined in contextual-log-level. The definition of the SIP boolean expression is the same as for entry filters of modules, which is documented here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/

 String
contextual-log-level

Verbosity of contextual logs to output when the condition defined in 'contextual-log-filter' is met.

 debugString
transports

List of white space separated SIP URIs where the proxy must listen.
Wildcard star can be used to mean 'all local ip addresses'. If 'transport' parameter is unspecified, it will listen to both udp and tcp. A local address to bind onto can be indicated in the 'maddr' parameter, while the domain part of the uris are used as public domain or ip address.
The 'sips' transport definitions accept two optional parameters:
 - 'tls-certificates-dir' taking for value a path, with the same meaning as the 'tls-certificates-dir' property of this section and overriding it for this given transport.
 - 'tls-verify-incoming' taking for value '0' or '1', to indicate whether clients connecting are required to present a valid client certificate. Default value is 0.
 - 'tls-allow-missing-client-certificate' taking for value '0' or '1', to allow connections from clients which have no certificate even if `tls-verify-incoming` has been enabled. That's useful if you wish to have Flexisip to ask for a client certificate, but without failing if the client cannot provide one.
 - 'tls-verify-outgoing' taking for value '0' or '1', whether flexisip should check the peer certificate when it make an outgoing TLS connection to another server. Default value is 1.
 - 'require-peer-certificate' (deprecated) same as tls-verify-incoming

It is HIGHLY RECOMMENDED to specify a canonical name for 'sips' transport, so that the proxy can advertise this information in Record-Route headers, which allows TLS cname check to be performed by clients.
Specifying a sip uri with transport=tls is not allowed: the 'sips' scheme must be used instead. As requested by SIP RFC, IPv6 address must be enclosed within brakets.
Here are some examples to understand:
 - listen on all local interfaces for udp and tcp, on standard port:
 transports=sip:*
 - listen on all local interfaces for udp,tcp and tls, on standard ports:
 transports=sip:* sips:*
 - listen only a specific IPv6 interface, on standard ports, with udp, tcp and tls
 transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
 - listen on tls localhost with 2 different ports and SSL certificates:
 transports=sips:localhost:5061;tls-certificates-dir=path_a sips:localhost:5062;tls-certificates-dir=path_b
 - listen on tls localhost with 2 peer certificate requirements:
 transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls-verify-incoming=1
 - listen on 192.168.0.29:6060 with tls, but public hostname is 'sip.linphone.org' used in SIP messages. Bind address won't appear in messages:
 transports=sips:sip.linphone.org:6060;maddr=192.168.0.29

 sip:*StringList
aliases

List of white space separated host names pointing to this machine. This is to prevent loops while routing SIP messages.

 localhostStringList
idle-timeout

Time interval in seconds after which inactive connections are closed.

 3600Integer
keepalive-interval

Time interval in seconds for sending "\r\n\r\n" keepalives packets on inbound and outbound connections. A value of zero stands for no keepalive. The main purpose of sending keepalives is to keep connection alive accross NATs, but it also helps in detecting silently broken connections which can reduce the number socket descriptors used by flexisip.

 1800Integer
proxy-to-proxy-keepalive-interval

Time interval in seconds for sending "\r\n\r\n" keepalives packets specifically for proxy to proxy connections. Indeed, while it is undesirable to send frequent keepalives to mobile clients because it drains their battery, sending frequent keepalives has proven to be helpful to keep connections up between proxy nodes in a very popular US virtualized datacenter. A value of zero stands for no keepalive.

 0Integer
transaction-timeout

SIP transaction timeout in milliseconds. It is T1*64 (32000 ms) by default.

 32000Integer
udp-mtu

The UDP MTU. Flexisip will fallback to TCP when sending a message whose size exceeds the UDP MTU. Please read http://sofia-sip.sourceforge.net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a for more details. If sending large packets over UDP is not a problem, then set a big value such as 65535. Unlike the recommandation of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead of 1300).

 1460Integer
tls-certificates-dir

Path to the directory where TLS server certificate and private key can be found, concatenated inside an 'agent.pem' file. Any chain certificates must be put into a file named 'cafile.pem'. The setup of agent.pem, and eventually cafile.pem is required for TLS transport to work.

 /etc/flexisip/tls/String
tls-ciphers

Ciphers string to pass to OpenSSL in order to limit the cipher suites to use while establishing TLS sessions. Please take a look to ciphers(1) UNIX manual to get the list of keywords supported by your current version of OpenSSL. You might visit https://www.openssl.org/docs/manmaster/man1/ciphers.html too. The default value set by Flexisip should provide a high level of security while keeping an acceptable level of interoperability with currenttly deployed clients on the market.

 HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULLString
require-peer-certificate

Ask for client certificate on TLS session establishing.

 falseBoolean
unique-id

Unique ID used to identify that instance of Flexisip. It must be a randomly generated 16-sized hexadecimal number. If empty, it will be randomly generated on each start of Flexisip.

 String
version-number

Flexisip version.

 2.1.0-alpha-185-g9bf71c35String
runtime-error

Retrieve current runtime error state.

 RuntimeError
Tags:
Created by Buildbot on 2020/05/25 11:41