[Pkg-voip-commits] [resiprocate] 06/09: Update repro.config for Debian users

Daniel Pocock pocock at alioth.debian.org
Sat Sep 28 21:17:59 UTC 2013 

This is an automated email from the git hooks/post-receive script.

pocock pushed a commit to annotated tag debian-experimental/1.9.0_beta2-1
in repository resiprocate.

commit d3aac50e5ed598dceff052ab9c6738c61804210d
Author: Daniel Pocock <daniel at pocock.com.au>
Date:   Sat Sep 28 22:31:43 2013 +0200

    Update repro.config for Debian users
---
 debian/conf/repro.config |  174 +++++++++++++++++++++++++++++++++++-----------
 1 file changed, 132 insertions(+), 42 deletions(-)

diff --git a/debian/conf/repro.config b/debian/conf/repro.config
index 0dfd62f..8fdf9f3 100644
--- a/debian/conf/repro.config
+++ b/debian/conf/repro.config
@@ -44,15 +44,30 @@ UDPPort = 5060
 TCPPort = 5060
 
 # Local port to listen on for SIP messages over TLS - 0 to disable
-#TLSPort = 5061
 TLSPort = 0
 
+# Local port to listen on for SIP messages over WS (WebSocket) - 0 to disable
+WSPort = 0
+ 
+# Local port to listen on for SIP messages over WSS (WebSocket TLS) - 0 to disable
+WSSPort = 0
+
 # Local port to listen on for SIP messages over DTLS - 0 to disable
 DTLSPort = 0
 
 # TLS domain name for this server (note: domain cert for this domain must be present)
 TLSDomainName =
 
+# PEM-encoded X.509 certificate for TLS
+# Must contain any intermediate certificates from the CA
+# The TLSCertificate and TLSPrivateKey parameters are optional.  The stack
+# will also try to automatically detect any suitable certificates
+# in the directory specified by CertificatePath
+TLSCertificate = 
+
+# PEM-encoded private key for TLS
+TLSPrivateKey = 
+
 # Whether or not we ask for (Optional) or expect (Mandatory) TLS
 # clients to present a client certificate
 # Possible values:
@@ -80,8 +95,10 @@ TLSUseEmailAsSIP = false
 # Transport<Num>Interface = <IPAddress>:<Port> - Note:  For IPv6 addresses last colon separates
 #                                                IP Address and Port - square bracket notation
 #                                                is not used.
-# Transport<Num>Type = <'TCP'|'UDP'|'TLS'|'DTLS'> - default is UDP if missing
-# Transport<Num>TlsDomain = <TLSDomain> - only required if transport is TLS or DTLS
+# Transport<Num>Type = <'TCP'|'UDP'|'TLS'|'DTLS'|'WS'|'WSS'> - default is UDP if missing
+# Transport<Num>TlsDomain = <TLSDomain> - only required if transport is TLS, DTLS or WSS
+# Transport<Num>TlsCertificate = <TLSCertificate> - only for TLS, DTLS or WSS
+# Transport<Num>TlsPrivateKey = <TLSPrivateKey> - only for TLS, DTLS or WSS
 # Transport<Num>TlsClientVerification = <'None'|'Optional'|'Mandatory'> - default is None
 # Transport<Num>RecordRouteUri = <'auto'|URI> - if set to auto then record route URI
 #                                               is automatically generated from the other
@@ -107,6 +124,8 @@ TLSUseEmailAsSIP = false
 # Transport3Interface = 192.168.1.106:5061
 # Transport3Type = TLS
 # Transport3TlsDomain = sipdomain.com
+# Transport3TlsCertificate = /etc/ssl/crt/sipdomain.com.crt
+# Transport3TlsPrivateKey = /etc/ssl/private/sipdomain.com.key
 # Transport3TlsClientVerification = Mandatory
 # Transport3RecordRouteUri = sip:h1.sipdomain.com;transport=TLS
 #
@@ -114,12 +133,22 @@ TLSUseEmailAsSIP = false
 # Transport4Type = UDP
 # Transport4RecordRouteUri = auto
 
+# Transport5Interface = 192.168.1.106:5062
+# Transport5Type = WS
+# Transport5RecordRouteUri = auto
+
+# Transport6Interface = 192.168.1.106:5063
+# Transport6Type = WSS
+# Transport6TlsDomain = sipdomain.com
+# Transport6TlsClientVerification = None
+# Transport6RecordRouteUri = sip:h1.sipdomain.com;transport=WS
+
 # Comma separated list of DNS servers, overrides default OS detected list (leave blank 
 # for default)
 DNSServers =
 
 # Enable IPv6
-EnableIPv6 = false
+EnableIPv6 = true
 
 # Enable IPv4
 DisableIPv4 = false
@@ -175,15 +204,25 @@ Daemonize = true
 # if unspecified, no attempt will be made to create a PID file
 PidFile = /var/run/repro/repro.pid
 
-# Path to load certificates from (default:  "$(HOME)/.sipCerts on *nix, and c:\sipCerts 
-# on windows)
-# Note that repro loads ALL root certificates found by the settings
-# CertificatePath, CADirectory and CAFile.  Setting one option does
-# not disable the other options.
+# Path to load certificates from (optional, there is no default)
+# Note that repro loads ALL root certificates found by any of the settings
+#
+#    CertificatePath
+#    CADirectory
+#    CAFile
+#
+# Setting one option does not disable the other options.
+#
 # Certificates in this location have to match one of the filename
 # patterns expected by the legacy reSIProcate SSL code:
+#
 #   domain_cert_NAME.pem, root_cert_NAME.pem, ...
-CertificatePath = /etc/repro/ssl
+#
+# For domain certificates, it is recommended to use the options
+# for individual transports, such as TransportXTlsCertificate and
+# TransportXTlsPrivateKey and not set CertificatePath at all.
+#
+CertificatePath =
 
 # Path to load root certificates from
 # Iff this directory is specified, all files in the directory
@@ -247,17 +286,17 @@ MySQLPort = 3306
 
 # The Users and MessageSilo database tables are different from the other repro configuration
 # database tables, in that they are accessed at runtime as SIP requests arrive.  It may be
-# desirable to use BerkeleyDb for the other repro tables (which are read at starup time, then
-# cached in memory), and MySQL for the runtime accessed tables; or two seperate MySQL instances
-# for these different table sets.  Use the following settings in order to specify a seperate
+# desirable to use BerkeleyDb for the other repro tables (which are read at starup time, then 
+# cached in memory), and MySQL for the runtime accessed tables; or two seperate MySQL instances 
+# for these different table sets.  Use the following settings in order to specify a seperate 
 # MySQL instance for use by the Users and MessageSilo tables.
 #
 # WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
-#
+# 
 # Note:  If this setting is left blank then repro will fallback all remaining my sql
 # settings to use the global MySQLServer settings.  If the MySQLServer setting is also
-# blank, then repro will use BerkelyDB for all configuration tables.  See the
-# documentation on the global MySQLServer settings for more details on the following
+# blank, then repro will use BerkelyDB for all configuration tables.  See the 
+# documentation on the global MySQLServer settings for more details on the following 
 # individual settings.
 RuntimeMySQLServer =
 RuntimeMySQLUser = root
@@ -280,6 +319,67 @@ RuntimeMySQLPort = 3306
 #           sip_domain = '$domain' AND account_status = 'active'
 MySQLCustomUserAuthQuery =
 
+# Session Accounting - When enabled resiprocate will push a JSON formatted 
+# events for sip session related messaging that the proxy receives,
+# to a persistent message queue that uses berkeleydb backed storage.
+# The following session events are logged:
+#   Session Created - INVITE passing authentication was received
+#   Session Routed - received INVITE was forward to a target
+#   Session Redirected - session was 3xx redirected or REFERed
+#   Session Established - there was 2xx answer to an INVITE (only generate for first 2xx)
+#   Session Cancelled - CANCEL was received
+#   Session Ended - BYE was received from either end
+#   Session Error - a 4xx, 5xx, or 6xx response was sent to the inviter
+# Consuming Accounting Events:
+# Users must ensure that this message queue is consumed, or it will grow without
+# bound.  A queuetostream consumer process is provided, that will consume the 
+# events from the message queue and stream them to stdout.  This output stream can
+# be consumed by linux scripting tools and converted to database records or some
+# other relevant representation of the data.  
+# For example: ./queuetostream ./sessioneventqueue > streamconsumer
+# In the future a MySQL consumer may also be provided in order to update
+# session accounting records in a MySQL database table.
+SessionAccountingEnabled = false
+
+# The following setting determines if repro will add routing header information
+# (ie. Route, and Record-Route headers)to the Session Created, Session Routed
+# and Session Established events.
+SessionAccountingAddRoutingHeaders = false
+
+# The following setting determines if we will add via header information to
+# the Session Created event.  
+SessionAccountingAddViaHeaders = false
+
+# Registration Accounting - When enabled resiprocate will push a JSON formatted 
+# events for every registration, re-registration, and unregistration message
+# received to a persistent message queue that uses berkeleydb backed storage.
+# The following registration events are logged:
+#   Registration Added - initial registration received
+#   Registration Refreshed - registration refresh received / re-register
+#   Registration Removed - registration removed by client / unregister
+#   Registration Removed All - all contacts registration remove / unregister
+# Consuming Accounting Events:
+# Users must ensure that this message queue is consumed, or it will grow without
+# bound.  A queuetostream consumer process is provided, that will consume the 
+# events from the message queue and stream them to stdout.  This output stream can
+# be consumed by linux scripting tools and converted to database records or some
+# other relevant representation of the data.  
+# For example: ./queuetostream ./regeventqueue > streamconsumer
+# In the future a MySQL consumer may also be provided in order to update 
+# login/registration accounting records in a MySQL database table.
+RegistrationAccountingEnabled = false
+
+# The following setting determines if repro will add routing header information
+# (ie. Route and Path headers)to registration accounting events.
+RegistrationAccountingAddRoutingHeaders = false
+
+# The following setting determines if we will add via header information to
+# the registration accounting events.
+RegistrationAccountingAddViaHeaders = false
+
+# The following setting determines if we log the RegistrationRefreshed events
+RegistrationAccountingLogRefreshes = false
+
 # Run a Certificate Server - Allows PUBLISH and SUBSCRIBE for certificates
 EnableCertServer = false
 
@@ -329,7 +429,7 @@ NumAuthGrabberWorkerThreads = 2
 # (ie. RequestFilter)
 NumAsyncProcessorWorkerThreads = 2
 
-# Specify domains for which this proxy is authorative (in addition to those specified on web
+# Specify domains for which this proxy is authorative (in addition to those specified on web 
 # interface) - comma separate list
 # Notes: * Domains specified here cannot be used when creating users, domains used in user
 #          AORs must be specified on the web interface.
@@ -368,7 +468,7 @@ EnumSuffixes =
 # where somedomain is an element of EnumDomains,
 # the ENUM logic will be applied for the number
 # If empty, ENUM is never used
-EnumDomains =
+EnumDomains = 
 
 # Specify length of timer C in sec (0 or negative will disable timer C) - default 180
 TimerC = 180
@@ -390,14 +490,14 @@ OutboundVersion = 5626
 
 # There are cases where the first hop in a particular network supports the concept of outbound
 # and ensures all messaging for a client is delivered over the same connection used for
-# registration.  This could be a SBC or other NAT traversal aid router that uses the Path
-# header.  However such endpoints may not be 100% compliant with outbound RFC and may not
+# registration.  This could be a SBC or other NAT traversal aid router that uses the Path 
+# header.  However such endpoints may not be 100% compliant with outbound RFC and may not 
 # include a ;ob parameter in the path header.  This parameter is required in order for repro
 # to have knowledge that the first hop does support outbound, and it will reject registrations
 # that appear to be using outboud (ie. instanceId and regId) with a 439 (First Hop Lacks Outbound
 # Support).  In this case it can be desirable when using repro as the registrar to not reject
 # REGISTRATION requests that contain an instanceId and regId with a 439.
-# If this setting is enabled, then repro will assume the first hop supports outbound
+# If this setting is enabled, then repro will assume the first hop supports outbound 
 # and not return this error.
 AssumeFirstHopSupportsOutbound = false
 
@@ -446,7 +546,7 @@ EnableCertificateAuthenticator = false
 # permitted SIP `From:' addresses
 #
 # Without this file, the default behavior of the CertificateAuthenticator
-# ensures that the `From:' address in SIP messages must match the
+# ensures that the `From:' address in SIP messages must match the 
 # Common Name or one of the subjectAltNames from the X.509 certificate
 #
 # When this file is supplied, the CertificateAuthenticator will continue
@@ -494,6 +594,13 @@ RejectBadNonces = false
 # allow To tag in registrations
 AllowBadReg = false
 
+########################################################
+# Cookie Authentication Settings
+########################################################
+
+# Shared secret for cookie HMAC validation. If there is no WSCookieAuthSharedSecret
+# there will be no cookie validation.
+# WSCookieAuthSharedSecret =
 
 ########################################################
 # RequestFilter Monkey Settings
@@ -521,30 +628,13 @@ RequestFilterDefaultDBErrorBehavior = 500, Server Internal DB Error
 # WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
 #
 # Note:  If this setting is left blank then repro will fallback all remaining my sql
-# settings to use the global RuntimeMySQLServer or MySQLServer settings.  See the
-# documentation on the global MySQLServer settings for more details on the following
+# settings to use the global RuntimeMySQLServer or MySQLServer settings.  See the 
+# documentation on the global MySQLServer settings for more details on the following 
 # individual settings.
 RequestFilterMySQLServer =
-
-# The MySQL login ID to use when connecting to the MySQL Server. 
-# Note:  If the RequestFilterMySQLServer setting is left blank then repro will fallback to 
-# using the global MySQL settings.
 RequestFilterMySQLUser = root
-
-# The password for the MySQL login ID specified.
-# Note:  If the RequestFilterMySQLServer setting is left blank then repro will fallback to 
-# using the global MySQL settings.
 RequestFilterMySQLPassword = root
-
-# The database name on the MySQL server that contains the repro tables
-# Note:  If the RequestFilterMySQLServer setting is left blank then repro will fallback to 
-# using the global MySQL settings.
 RequestFilterMySQLDatabaseName = 
-
-# If port is not 0, the value is used as the port number for the TCP/IP connection. Note that
-# the host parameter determines the type of the connection.
-# Note:  If the RequestFilterMySQLServer setting is left blank then repro will fallback to 
-# using the global MySQL settings.
 RequestFilterMySQLPort = 3306
 
 
@@ -664,7 +754,7 @@ GeoProximityIPv6CityDatabaseFile =
 
 # This setting specifies a PCRE compliant regular expression to attempt
 # to match against the request URI of inbound requests.  Any requests
-# matching this expression, will have its Targets sorted as described
+# matching this expression, will have their targets sorted as described
 # above.  Leave blank to match all requests.
 GeoProximityRequestUriFilter = ^sip:mediaserver.*@mydomain.com$
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/resiprocate.git

More information about the Pkg-voip-commits mailing list