Documentation based on repostory git version commit 1.0.12-487-g7669680
 

Global

Some global settings of the flexisip proxy.
----

Configuration options:

NameDescriptionDefault ValueType
log-levelVerbosity of logs to output. Possible values are debug, message, warning and error errorString
syslog-levelVerbosity of logs to put in syslog. Possible values are debug, message, warning and error errorString
max-log-sizeMax size of a log file before switching to a new log file, expressed with units. For example: 10G, 100M. If -1 then there is no maximum size 100MString
user-errors-logsLog (on a different log domain) user errors like authentication, registration, routing, etc... falseBoolean
dump-corefilesGenerate a corefile when crashing. Note that by default linux will generate coredumps in '/' which is not so convenient. The following shell command can be added to /etc/rc.local in order to write core dumps a in specific directory, for example /home/cores:
  echo "/home/cores/core.%e.%t.%p" >/proc/sys/kernel/core_pattern
trueBoolean
auto-respawnAutomatically respawn flexisip in case of abnormal termination (crashes) trueBoolean
aliasesList of white space separated host names pointing to this machine. This is to prevent loops while routing SIP messages. localhostStringList
default-serversServers started by default when no --server option is specified on command line. Possible values are 'proxy', 'presence', separated by whitespaces. proxyStringList
transportsList of white space separated SIP uris where the proxy must listen.
 Wildcard star can be used to mean 'all local ip addresses'. If 'transport' parameter is unspecified, it will listen to both udp and tcp. A local address to bind onto can be indicated in the 'maddr' parameter, while the domain part of the uris are used as public domain or ip address.
 The 'sips' transport definitions accept two optional parameters:
  - 'tls-certificates-dir' taking for value a path, with the same meaning as the 'tls-certificates-dir' property of this section and overriding it for this given transport.
  - 'tls-verify-incoming' taking for value '0' or '1', to indicate whether clients connecting are required to present a valid client certificate. Default value is 0.
  - 'tls-verify-outgoing' taking for value '0' or '1', whether flexisip should check the peer certificate when it make an outgoing TLS connection to another server. Default value is 1.
  - 'require-peer-certificate' (deprecated) same as tls-verify-incoming
 Specifying a sip uri with transport=tls is not allowed: the 'sips' scheme must be used. As requested by SIP RFC, IPv6 address must be enclosed within brakets.
 Here are some examples to understand:
 - listen on all local interfaces for udp and tcp, on standard port:
  transports=sip:*
 - listen on all local interfaces for udp,tcp and tls, on standard ports:
  transports=sip:* sips:*
 - listen only a specific IPv6 interface, on standard ports, with udp, tcp and tls
  transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
 - listen on tls localhost with 2 different ports and SSL certificates:
  transports=sips:localhost:5061;tls-certificates-dir=path_a sips:localhost:5062;tls-certificates-dir=path_b
 - listen on tls localhost with 2 peer certificate requirements:
  transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls-verify-incoming=1
 - listen on 192.168.0.29:6060 with tls, but public hostname is 'sip.linphone.org' used in SIP messages. Bind address won't appear in messages:
  transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
sip:*StringList
tls-certificates-dirPath to the directory where TLS server certificate and private key can be found, concatenated inside an 'agent.pem' file. Any chain certificates must be put into a file named 'cafile.pem'. The setup of agent.pem, and eventually cafile.pem is required for TLS transport to work. /etc/flexisip/tls/String
tls-ciphersCiphers string to pass to OpenSSL in order to limit the cipher suites to use while establishing TLS sessions. Please take a look to ciphers(1) UNIX manual to get the list of keywords supported by your current version of OpenSSL. You might visit https://www.openssl.org/docs/manmaster/man1/ciphers.html too. The default value set by Flexisip should provide a high level of security while keeping an acceptable level of interoperability with currenttly deployed client on the marcket. HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULLString
idle-timeoutTime interval in seconds after which inactive connections are closed. 3600Integer
require-peer-certificateRequire client certificate from peer (inbound connections only). falseBoolean
transaction-timeoutSIP transaction timeout in milliseconds. It is T1*64 (32000 ms) by default. 32000Integer
udp-mtuThe UDP MTU. Flexisip will fallback to TCP when sending a message whose size exceeds the UDP MTU. Please read http://sofia-sip.sourceforge.net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a for more details. If sending large packets over UDP is not a problem, then set a big value such as 65535. Unlike the recommandation of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead of 1300). 1460Integer
enable-snmpEnable SNMP. trueBoolean
unique-idUnique ID used to identify that instance of Flexisip. It must be a randomly generated 16-sized hexadecimal number. If empty, it will be randomly generated at each start of Flexisip. String
use-maddrAllow flexisip to use maddr in sips connections to verify the CN of the TLS certificate. trueBoolean
plugins-dirPath to the directory where plugins can be found. /usr/lib/flexisip/plugins/String
pluginsPlugins to use. StringList
version-numberFlexisip version. 1.0.12String
runtime-errorRetrieve current runtime error state. RuntimeError
Created by Buildbot on 2017/01/13 15:20