# # OverSIP - Main Configuration. # # # IMPORTANT: # This is a YAML [1] format configuration file. DON'T USE tab for indentation # as it's not allowed and would raise unexpected errors. Instead, respect # the existing indentation spaces. # [1] http://en.wikipedia.org/wiki/YAML core: # DNS nameserver to use. Note that OverSIP requires a recursive DNS server # (recommended unbound: a DNS recursive and caching DNS resolver). # Value can be: # - An IPv4. # - An array of IPv4 (for failover). # - _null_: nameservers in /etc/resolv.conf are used. # Default value is _null_. # nameservers: null # Syslog facility. Can be "kern", "user", "daemon", "local0"..."local7". # By default "daemon". # syslog_facility: daemon # Syslog level. Can be "debug", "info", "notice", "warn", "error", "crit". # By default "info". # syslog_level: debug sip: # Use SIP over UDP. By default _yes_. # sip_udp: yes # Use SIP over TCP. By default _yes_. # sip_tcp: yes # Use SIP over TLS. By default _yes_. # sip_tls: yes # Enable or disable IPv4. By default _yes_. # enable_ipv4: yes # IPv4 in which OverSIP listens for SIP messages. Using "0.0.0.0" is not # allowed. # - Use an IPv4 string for listening in that address. # - Use _null_ for IP autodiscovery. # Default value is _null_. # listen_ipv4: 192.168.2.13 # Enable or disable IPv6. By default _yes_. # enable_ipv6: yes # IPv6 in which OverSIP listens for SIP messages. Using "::" is not # allowed. # - Use an IPv6 string for listening in that address. # - Use _null_ for IP autodiscovery. # Default value is _null_. # listen_ipv6: null # Listening port for SIP over UDP and TCP. # By default 5060. # listen_port: 6789 # Listening port for SIP over TLS. # By default 5061. # listen_port_tls: 5061 # By enabling this option OverSIP does not listen in SIP TLS but, instead, # runs an instance of Stud TLS proxy which communicates with OverSIP using # plain TCP. # By default _yes_. # use_tls_tunnel: yes # The port which listens for TCP traffic from the Stud TLS proxy running in # this host. # By default 5062. # listen_port_tls_tunnel: 5062 # Call the OverSIP::SipEvents.on_client_tls_handshake() callback when a SIP # client attemps a TLS handshake with OverSIP. # By default _yes_. # callback_on_client_tls_handshake: yes # Local domains OverSIP is responsible for. Value can be: # - A domain. # - An array of domains. # - _null_: no one, just local IP's are matched as local destinations. # Default value is _null_. # # local domains: [ example.net, sip.example.org ] local_domains: null # TCP keepalive interval (in seconds). # When acting as a TCP server, OverSIP sends TCP packets with null data payload # as described in http://tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/. # If not set, TCP keepalive is disabled. # Minimun value is 180 seconds. Default value is _null_ (not enabled). # tcp_keepalive_interval: 300 # Use a hostname for Record-Route/Path header when using TLS or WSS transports # over IPv4 (rather than using the server IP). This is good when a peer # sends us an in-dialog request via TLS so it could check whether the host part # of the top Route header matches a domain in the certificate we provide to it. # If not set, the server IPv4 will be used. # Default value is _null_ (IPv4 is used). # # record_route_hostname_tls_ipv4: outbound.example.net record_route_hostname_tls_ipv4: null # The same for IPv6. # If not set, the server IPv6 will be used. # Default value is _null_ (IPv6 is used). # # record_route_hostname_tls_ipv6: outbound.example.net record_route_hostname_tls_ipv6: null websocket: # Use SIP over WebSocket. By default _yes_. # sip_ws: yes # Use SIP over WebSocket with TLS. By default _yes_. # sip_wss: yes # Enable or disable IPv4. By default _yes_. # enable_ipv4: yes # IPv4 in which OverSIP listens for WebSocket messages. Using "0.0.0.0" is not # allowed. # - Use an IPv4 string for listening in that address. # - Use _null_ for IP autodiscovery. # Default value is _null_. # listen_ipv4: 192.168.2.13 # Enable or disable IPv6. By default _yes_. # enable_ipv6: yes # IPv6 in which OverSIP listens for SIP messages. Using "::" is not # allowed. # - Use an IPv6 string for listening in that address. # - Use _null_ for IP autodiscovery. # Default value is _null_. # listen_ipv6: null # Listening port for WebSocket over HTTP. # By default 10080. # listen_port: 10080 # Listening port for WebSocket over HTTPS. # By default 10443. # listen_port_tls: 10443 # By enabling this option OverSIP does not listen in WebSocket TLS but, instead, # runs an instance of Stud TLS proxy which communicates with OverSIP using # plain TCP. # By default _yes_. # use_tls_tunnel: yes # The port which listens for TCP traffic from the Stud TLS proxy running in # this host. # By default 10444. # listen_port_tls_tunnel: 10444 # Call the OverSIP::WebSocketEvents.on_client_tls_handshake() callback when a WebSocket # client attemps a TLS handshake with OverSIP. # By default _yes_. # callback_on_client_tls_handshake: yes # WebSocket message max size (bytes). By default 65536. # max_ws_message_size: 65536 # WebSocket frame max size (bytes). By default 65536. # max_ws_frame_size: 65536 # WebSocket PING frames interval (in seconds). # If set, OverSIP sends WebSocket PING control frames as the given interval. # Minimun value is 180. Default value is _null_. # ws_keepalive_interval: 300 # TLS parameters affect to any interface of OverSIP using TLS, including SIP and WebSocket. tls: # Server TLS public certificate. It must be the name of a readable file containing a # chain of X509 certificates in PEM format, with the most-resolved certificate at the # top of the file, successive intermediate certs in the middle, and the root (or CA) # cert at the bottom. # If not set, TLS is disabled. Default value is _null_. # If a relative path is given, it's searched under the tls/ directoy in the OverSIP # configuration directory (typically /etc/oversip/). # public_cert: demo-tls.oversip.net.crt # Server TLS private certificate. It must be the name of a readable file containing a # private key in the PEM format. # If not set, TLS is disabled. Default value is _null_. # If a relative path is given, it's searched under the tls/ directoy in the OverSIP # configuration directory (typically /etc/oversip/). # NOTE: The private key MUST NOT require password. # private_cert: demo-tls.oversip.net.key # Directory of TLS CAs. It must be the name of a readable directory. Every file in # that directory will be inspected and every X509 certificate in PEM format extracted. # This is useful for storing the list of trusted CAs (i.e. http://curl.haxx.se/ca/cacert.pem) # or CAs not in a standard trust hierarchy. # This is *required* for validating certificates provided by remote peers. # If _null_ this feature is dssabled. Default value is _null_. # If a relative path is given, it's searched under the tls/ directoy in the OverSIP # configuration directory (typically /etc/oversip/). # ca_dir: ca/