-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathconfig.ini.sample
243 lines (207 loc) · 10.1 KB
/
config.ini.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
[Relay]
; A list of dispatchers to connect to, separated by spaces. The format is
; "host[:port] [host[:port] ...]". If a port is not specified the default port
; of 25060 will be used. "host" can be one of the following:
; - A domain name that has a SRV record for a SIP proxy, i.e. at
; "_sip._udp.<domain>". If the DNS lookup for this succeeds the relay
; will connect to the IP address of the SIP proxy on the port specified in
; this configuration.
; - A hostname. The lookup for this will be performed if the SRV lookup
; fails.
; - An IP address. The relay will connect directly to this address.
; Both the SRV and hostname lookups will be periodically refreshed (see
; "dns_check_interval" below).
;
;dispatchers = example.com 1.2.3.4:12345
; Specify extra checks to be performed on the dispatcher TLS credentials before
; considering the connection with the dispatcher successful. The passport is
; specified as a list of attribute/value pairs in the form:
; AN:value[, AN:value...]
; where the attribute name (AN) is one of the available attribute names from
; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The value is a
; string that has to match with the corresponding attribute value from the
; dispatcher certificate. A wildcard (*) can be used in the value at the
; beginning or the end of the string to indicate that the corresponding
; attribute from the dispatcher certificate must end with respectively to
; start with the given string (excluding the wildcard).
; For example using this passport:
; passport = O:AG Projects, CN:*dispatcher
; means that a connection with a dispatcher will only be accepted if the
; dispatcher certificate subject has organization set to "AG Projects" and
; the common name ends with "dispatcher". To specify that no additional
; identity checks need to be performed, use the keyword None. If passport
; is None, then only the certificate signature is verified against the
; certificate authority in tls/ca.pem (signature is always verified even
; when passport is None).
;
; Default value is None.
;
;passport = None
; The host IP address used for relaying streams. The default for this value
; is to use the IP address of the interface that has the default route. This
; is the most appropriate choice for almost any situation. Unless you need to
; use a very specific interface, which is not the default one, there is no need
; to set this option. Leave this option commented to use the default value.
;relay_ip = <default host IP>
; The IP address of the relay can be replaced with the IP address of the
; interface coreponding to the sourceIP and destinationIP of the call.
; if set to False the relay_ip will be used instead
;auto_detect_interfaces = False
; The host IP address to return when a session is allocated in the relay. This
; could be of use in case the relay is behind NAT but it has a 1 to 1 mapping
; with a public IP address, like Amazon EC2, for example.
; If set, auto_detect_interfaces setting will be ignored.
;advertised_ip =
; The port range to use for relaying media streams in the form start:end with
; start and end being even numbers in the [1024, 65536] range and start < end
; The default range is 40000:60000. You should allocate 4 times the number of
; streams you plan for the relay to handle simultaneously. The default range
; having 20000 ports, is able to handle up to 5000 streams.
;
; IMPORTANT NOTE: under heavy CPS attempts, the available ports may be
; exhaused before the calls setup
;
;port_range = 40000:60000
; Logging level (one of CRITICAL, ERROR, WARNING, INFO or DEBUG)
;log_level = INFO
; The amount of time to wait for a stream in a new SDP offer to start sending
; data before the relay decides that it has timed out. The default value is 90
; seconds. This only applies to the initial setup stage, before the first
; packet for a stream is received (from both ends). After the stream is started
; and the conntrack rule is in place, the idle timeout (how long before the
; conntrack rule expires when no traffic is received) is controlled by a kernel
; setting that defaults to 180 seconds and can be adjusted in:
; /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream
;
;stream_timeout = 90
; Amount of time a call can be on hold before it is declared expired by the
; relay. The default value is 7200 seconds (2 hours).
;
;on_hold_timeout = 7200
; How often to check in DNS if the SRV and A records for the dispatcher have
; changed. Interval is in seconds and the default value is 60 seconds.
;
;dns_check_interval = 60
; If the relay cannot connect to a dispatcher is should retry after this
; amount of seconds. The default value is 10 seconds.
;
;reconnect_delay = 10
; How often to sample the aggregate amount of data processed by the relay, in
; order to compute an average of the relayed traffic over that period. The
; value is expressed in seconds and the default value is 15 seconds.
; Use 0 to disable it in case you have to many streams processed by the relay
; and it warns you in syslog that gathering this information takes too long.
;
;traffic_sampling_period = 15
; Specify a list of network ranges (in CIDR notation) for which media is relayed
; even if no packet was received from the endpoint and the IP address is private.
;routable_private_ranges = 192.168.1.0/24
[Dispatcher]
; Local socket on which to communicate with OpenSIPS. The OpenSIPS mediaproxy
; module should be configured to connect to this socket. If a relative path,
; the runtime directory will be prepended. Default value is dispatcher.sock.
;
;socket_path = dispatcher.sock
; Listen address for incoming connections from the relays. The format is
; "ip[:port]". If the ip is "0.0.0.0" or the keyword "any", the dispatcher
; will listen on all interfaces of this host. If the port is not specified,
; the dispatcher will listen on the default port of 25060.
;
;listen = 0.0.0.0
; Listen address for incoming management interface connections. Clients can
; connect to this and issue commands to query the status of the relays and
; their sessions. The format is "ip[:port]". If the ip is "0.0.0.0" or the
; keyword "any", the dispatcher will listen on all interfaces of this host.
; If the port is not specified, the dispatcher will listen on the default
; port of 25061.
;
;listen_management = 0.0.0.0
; Whether or not to use TLS on the management interface. Note that the same
; TLS credentials are used for both the relay and the management interface
; connections.
;
; Default value is yes.
;
;management_use_tls = yes
; Specify extra checks to be performed on the relay TLS credentials before
; considering the connection with the relay successful. The passport is
; specified as a list of attribute/value pairs in the form:
; AN:value[, AN:value...]
; where the attribute name (AN) is one of the available attribute names from
; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The value is a
; string that has to match with the corresponding attribute value from the
; relay certificate. A wildcard (*) can be used in the value at the beginning
; or the end of the string to indicate that the corresponding attribute from
; the relay certificate must end with respectively to start with the given
; string (excluding the wildcard).
; For example using this passport:
; passport = O:AG Projects, CN:relay*
; means that a connection with a relay will only be accepted if the relay
; certificate subject has organization set to "AG Projects" and the common
; name starts with "relay". To specify that no additional identity checks
; need to be performed, use the keyword None. If passport is None, then only
; the certificate signature is verified against the certificate authority in
; tls/ca.pem (signature is always verified even when passport is None).
;
; Default value is None.
;
;passport = None
; This option is similar to passport above, but applies to the management
; interface connections instead of relay connections. It specifies extra
; checks to be performed on the TLS credentials supplied by an entity that
; connects to the management interface. Please consult passport above for
; a detailed description of the possible values for this option.
;
; If management_use_tls is false, this option is ignored.
;
; Default value is None.
;
;management_passport = None
; Logging level (one of CRITICAL, ERROR, WARNING, INFO or DEBUG)
;log_level = INFO
; Timeout value in second for individual relays. When a command is sent from
; the dispatcher to a relay it will wait this amount of seconds for a reply.
; The default is 5 seconds.
;
;relay_timeout = 5
; A comma separated list of accounting backends that will be used to save
; accounting data with the session information once a session has finished.
; Currently 2 backends are available: "radius" and "database". If enabled
; they can be configured below in their respective sections. The default
; is to use no accounting backend.
;
;accounting =
[TLS]
; Path to the certificates. If relative, it will be looked up in both the
; application directory (for a standalone installation) and /etc/mediaproxy,
; the former taking precedence if found.
;
;certs_path = tls
; How often (in seconds) to verify the peer certificate for expiration and
; revocation. Default value is 300 seconds (5 minutes)
;
;verify_interval = 300
[Database]
; This section needs to be configured if database accounting is enabled
; Database URI in the form: scheme://user:password@host/database
;dburi = mysql://mediaproxy:CHANGEME@localhost/mediaproxy
; Name for the table.
;sessions_table = media_sessions
; Column names. Columns are strings except for info which is a BLOB
;
;callid_column = call_id
;fromtag_column = from_tag
;totag_column = to_tag
;info_column = info
[Radius]
; This section needs to be configured if radius accounting is enabled
; OpenSIPS RADIUS configuration file. All RADIUS configuration parameters
; will be read from this file, including dictionary files.
;
;config_file = /etc/opensips/radius/client.conf
; Additional dictionary file with MediaProxy specific attributes.
;additional_dictionary = radius/dictionary
[OpenSIPS]
; Configure interaction between the media dispatcher and OpenSIPS
; Path to OpenSIPS's UNIX filesystem socket from the mi_datagram module.
;socket_path = /run/opensips/socket