global

Last modified by Buildbot on 2024/12/13 01:08

 Documentation based on repostory git version commit 2.4.0-alpha-325-g45099ad9 

Global

Some global settings of the flexisip proxy.
----

Configuration options:

NameDescriptionDefault ValueDefault UnitType
default-servers

Servers started by default when no --server option is specified on command line. Possible values are 'proxy', 'presence', 'conference', 'regevent' separated by whitespaces.

 proxy StringList
auto-respawn

Automatically respawn flexisip in case of abnormal termination (crashes). This has an effect if Flexisip has been launched with '--daemon' option only

 true Boolean
plugins-dir

Path to the directory where plugins can be found.

 /opt/belledonne-communications/lib64/flexisip/plugins String
plugins

Plugins to load. Look at <prefix>/lib/flexisip/plugins to know the list of installed plugin. The name of a plugin can be derivated from the according library name by striping out the extension part and the leading 'lib' prefix.
E.g. putting 'jweauth' in this setting will make libjweauth.so library to be load on runtime.

  StringList
dump-corefiles

Generate a core file on crash.
On GNU/Linux, the action to do on core dump is defined by the kernel file '/proc/sys/kernel/core_pattern'. On recent distributions like RHEL 8, the generated cores is given by default to the core manager of SystemD and the core can be easily listed by using coredumpctl(1) command.
On older distributions, the cores are often written in '/' directory. If your root directory has little available space, it is recommended to relocate your core dumps in another place by modifying the 'core_pattern' file on system boot. This may be done by adding this line in '/etc/rc.local':
    echo '/home/cores/core.%e.%t.%p' > /proc/sys/kernel/core_pattern

See core(5) manual for more information about core handling on GNU/Linux.

 false Boolean
enable-snmp

Enable SNMP.

 false Boolean
log-directory

Directory where to create log files. Create logs are named as 'flexisip-<server_type>.log'. If If several server types have been specified by '--server' option or 'global/default-servers' parameter, then <server_type> is expanded by a concatenation of all the server types joined with '+' character.
WARNING: Flexisip has no embedded log rotation system but provides a configuration file for logrotate. Please ensure that logrotate is installed and running on your system if you want to have Flexisip's logs rotated. Log rotation can be customized by editing /etc/logrotate.d/flexisip-logrotate.

 /var/opt/belledonne-communications/log/flexisip String
log-filename

Name of the log file. Any occurrences of '{server}' will be replaced by the server type which has been given by '--server' option or 'default-servers' parameter. If several server types have been given, then '{server}' will be replaced by the concatenation of these separated by '+' character (e.g. 'proxy+presence')

 flexisip-{server}.log String
log-level

Log file verbosity. Possible values are debug, message, warning and error

 error String
syslog-level

Syslog verbosity. Possible values are debug, message, warning and error

 error String
sofia-level

Sofia-SIP log verbosity. These logs are only displayed if the log level is set to 'debug' or if the program is started with the '-d' option. The verbosity levels range from 1 to 9, with the following meanings:
1 -> Critical errors
2 -> Non-critical errors
3 -> Warnings and progress messages
5 -> Signaling protocol actions
7 -> Media protocol actions
9 -> Entering/exiting functions

 5 Integer
user-errors-logs

Log (on a different log domain) user errors like authentication, registration, routing, etc...

 false Boolean
contextual-log-filter

A boolean expression applied to current SIP message being processed. When matched, logs are output provided that there level is greater than the value defined in contextual-log-level. The definition of the SIP boolean expression is the same as for entry filters of modules, which is documented here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/

  String
contextual-log-level

Verbosity of contextual logs to output when the condition defined in 'contextual-log-filter' is met.

 debug String
show-body-for

Filter expression applied to all messages, if true message body is shown, if false not. Can not be empty, use 'true' or 'false' constants instead. The definition of the SIP boolean expression is documented here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/
Example : content-type == 'application/sdp' && request.method == 'MESSAGE'

 content-type == 'application/sdp' String
transports

List of white space separated SIP URIs where the proxy must listen.
Wildcard star can be used to mean 'all local ip addresses'. If 'transport' parameter is unspecified, it will listen to both udp and tcp. A local address to bind onto can be indicated in the 'maddr' parameter, while the domain part of the uris are used as public domain or ip address.
The 'sips' transport definitions accept two optional parameters:
 - 'tls-certificates-dir' taking for value a path, with the same meaning as the 'tls-certificates-dir' property of this section and overriding it for this given transport. This is deprecated, use  'tls-certificates-file' and 'tls-certificates-private-key' instead.
 - 'tls-certificates-file' taking for value a file path, with the same meaning as the 'tls-certificates-file' property of this section and overriding it for this given transport.
 - 'tls-certificates-private-key' taking for value a file path, with the same meaning as the 'tls-certificates-private-key' property of this section and overriding it for this given transport.
 - 'tls-certificates-ca-file' taking for value a file path, with the same meaning as the 'tls-certificates-ca-file' property of this section and overriding it for this given transport.
 - 'tls-verify-incoming' taking for value '0' or '1', to indicate whether clients connecting are required to present a valid client certificate. Default value is 0.
 - 'tls-allow-missing-client-certificate' taking for value '0' or '1', to allow connections from clients which have no certificate even if `tls-verify-incoming` has been enabled. That's useful if you wish to have Flexisip to ask for a client certificate, but without failing if the client cannot provide one.
 - 'tls-verify-outgoing' taking for value '0' or '1', whether flexisip should check the peer certificate when it make an outgoing TLS connection to another server. Default value is 1.
 - 'require-peer-certificate' (deprecated) same as tls-verify-incoming

It is HIGHLY RECOMMENDED to specify a canonical name for 'sips' transport, so that the proxy can advertise this information in Record-Route headers, which allows TLS cname check to be performed by clients.
Specifying a sip uri with transport=tls is not allowed: the 'sips' scheme must be used instead. As requested by SIP RFC, IPv6 address must be enclosed within brackets.
Here are some examples to understand:
 - listen on all local interfaces for udp and tcp, on standard port:
 transports=sip:*
 - listen on all local interfaces for udp,tcp and tls, on standard ports:
 transports=sip:* sips:*
 - listen only a specific IPv6 interface, on standard ports, with udp, tcp and tls
 transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
 - listen on tls localhost with 2 different ports and SSL certificates:
 transports=sips:localhost:5061;tls-certificates-dir=path_a sips:localhost:5062;tls-certificates-dir=path_b
 - listen on tls localhost with 2 peer certificate requirements:
 transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls-verify-incoming=1
 - listen on 192.168.0.29:6060 with tls, but public hostname is 'sip.linphone.org' used in SIP messages. Bind address won't appear in messages:
 transports=sips:sip.linphone.org:6060;maddr=192.168.0.29

 sip:* StringList
aliases

List of white space separated host names pointing to this machine. This is to prevent loops while routing SIP messages.

 localhost StringList
idle-timeout

Time interval after which inactive connections are closed.

 3600 secondDurationS
keepalive-interval

Time interval for sending "\r\n\r\n" keepalives packets on inbound and outbound connections. A value of zero stands for no keepalive. The main purpose of sending keepalives is to keep connection alive across NATs, but it also helps in detecting silently broken connections which can reduce the number socket descriptors used by flexisip.

 1800 secondDurationS
proxy-to-proxy-keepalive-interval

Time interval for sending "\r\n\r\n" keepalives packets specifically for proxy to proxy connections. Indeed, while it is undesirable to send frequent keepalives to mobile clients because it drains their battery, sending frequent keepalives has proven to be helpful to keep connections up between proxy nodes in a very popular US virtualized datacenter. A value of zero stands for no keepalive.

 0 secondDurationS
transaction-timeout

SIP transaction timeout. It is T1*64 by default.

 32000 millisecondDurationMS
udp-mtu

The UDP MTU. Flexisip will fallback to TCP when sending a message whose size exceeds the UDP MTU. Please read http://sofia-sip.sourceforge.net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a for more details. If sending large packets over UDP is not a problem, then set a big value such as 65535. Unlike the recommendation of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead of 1300).

 1460 Integer
rtp-bind-address

You can specify the bind address for all RTP streams (MediaRelay and Transcoder). This parameter is only useful for some specific networks, keeping the default value is recommended.

 0.0.0.0 ::0 StringList
tls-certificates-check-interval

Interval at which the server will check if TLS certificates have been updated. Apply update once detected.F

 1 minuteDurationMIN
tls-certificates-file

Path to the file containing the server certificate chain. The file must be in PEM format, see OpenSSLSSL_CTX_use_certificate_chain_file documentation. If used tls-certificates-private-key MUST be set.

  String
tls-certificates-private-key

Path to the file containing the private key. See OpenSSL SSL_CTX_use_PrivateKey_file documentation. If used tls-certificates-file MUST be set.

  String
tls-certificates-ca-file

Path to the file contain CA certificates. See OpenSSL SSL_CTX_load_verify_locations and SSL_CTX_set_client_CA_list documentation. Can be empty.

  String
tls-ciphers

Ciphers string to pass to OpenSSL in order to limit the cipher suites to use while establishing TLS sessions. Please take a look to ciphers(1) UNIX manual to get the list of keywords supported by your current version of OpenSSL. You might visit https://www.openssl.org/docs/manmaster/man1/ciphers.html too. The default value set by Flexisip should provide a high level of security while keeping an acceptable level of interoperability with currently deployed clients on the market.

 HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL String
require-peer-certificate

Ask for client certificate on TLS session establishing.

 false Boolean
unique-id

Unique ID used to identify that instance of Flexisip. It must be a randomly generated 16-sized hexadecimal number. If empty, it will be randomly generated on each start of Flexisip.

  String
tport-message-queue-size

Number of SIP message that sofia can queue in a tport (a connection). It is 64 by default, hardcoded in sofia-sip (sofia-sip also used to hardcode a max value, 1000). This is not sufficient for IM.

 1000 Integer
version-number

Flexisip version.

 2.4.0-alpha-325-g45099ad9 String
runtime-error

Retrieve current runtime error state.

  RuntimeError