## OpenSIPS residential configuration script# by OpenSIPS Solutions <tea

1. #
2. # OpenSIPS residential configuration script
3. # by OpenSIPS Solutions <team@opensips-solutions.com>
4. #
5. # Please refer to the Core CookBook at:
6. # http://www.opensips.org/Resources/DocsCookbooks
7. # for a explanation of possible statements, functions and parameters.
8. #
9.  
10.  
11. ####### Global Parameters #########
12.  
13. debug_mode=yes
14.  
15. log_level=2
16. xlog_level=2
17. log_stderror=yes
18. log_facility=LOG_LOCAL0
19.  
20. udp_workers=2
21.  
22. # Set up listeners
23.  
24. socket = bin:172.xx.xx.xx:5566
25. socket = udp:172.xx.xx.xx:5066
26. socket = udp:172.xx.xx.xx:5077
27. socket = udp:172.xx.xx.xx:5067
28. socket = ws:172.xx.xx.xx:6060 as os.sip.xxxx.cloud
29. socket = wss:172.xx.xx.xx:443 as os.sip.xxxx.cloud
30. ####### Modules Section ########
31.  
32. # set module path
33. mpath="/usr/lib/x86_64-linux-gnu/opensips/modules/"
34.  
35. loadmodule "tls_mgm.so"
36. #### SIGNALING module
37. loadmodule "signaling.so"
38.  
39. #### StateLess module
40. loadmodule "sl.so"
41.  
42. #### Transaction Module
43. loadmodule "tm.so"
44. modparam("tm", "fr_timeout", 5)
45. modparam("tm", "fr_inv_timeout", 30)
46. modparam("tm", "restart_fr_on_each_reply", 0)
47. modparam("tm", "onreply_avp_mode", 1)
48.  
49. #### DB Modules
50.  
51. loadmodule "db_mysql.so"
52. modparam("db_mysql", "exec_query_threshold", 60000)
53. modparam("db_mysql", "max_db_queries", 20)
54.  
55. #### MOngoDB Module
56. loadmodule "cachedb_mongodb.so"
57. modparam("cachedb_mongodb", "cachedb_url", "mongodb://user:pwd@XXXXXX-shard-00-00.okdm0.mongodb.net:27017,XXXXXXX-shard-00-01.okdm0.mongodb.net:27017,XXXX-shard-00-02.okdm0.mongodb.net:27017/myFirstDatabase.userlocation?ssl=true&authSource=admin&retryWrites=true&w=majority")
58.  
59.  
60. #### Record Route Module
61. loadmodule "rr.so"
62. modparam("rr", "enable_double_rr", 1)
63. modparam("rr", "append_fromtag", 0)
64.  
65. #### MAX ForWarD module
66. loadmodule "maxfwd.so"
67.  
68. #### SIP MSG OPerationS module
69. loadmodule "sipmsgops.so"
70.  
71. #### FIFO Management Interface
72. loadmodule "mi_fifo.so"
73. modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
74. modparam("mi_fifo", "fifo_mode", 0666)
75.  
76.  
77. #### USeR LOCation module
78. loadmodule "usrloc.so"
79. # modparam("usrloc", "nat_bflag", "NAT")
80. # modparam("usrloc", "db_mode", 0)
81. modparam("usrloc", "use_domain", 1)
82. modparam("usrloc", "working_mode_preset", "federation-cachedb-cluster")
83. modparam("usrloc", "location_cluster", 1)
84. modparam("usrloc", "cachedb_url", "mongodb://user:pwd@XXXXXX-shard-00-00.okdm0.mongodb.net:27017,XXXXXX-shard-00-01.okdm0.mongodb.net:27017,XXXXXX-shard-00-02.okdm0.mongodb.net:27017/myFirstDatabase.userlocation?ssl=true&authSource=admin&retryWrites=true&w=majority")
85.  
86.  
87. #### REGISTRAR module
88. loadmodule "registrar.so"
89. modparam("registrar", "default_expires", 1800)
90. modparam("registrar", "attr_avp", "$avp(attr)")
91. modparam("registrar", "max_contacts", 2)
92. ##max_contacts
93.  
94.  
95. #### RTPengine protocol
96. loadmodule "rtpengine.so"
97. modparam("rtpengine", "rtpengine_sock", "udp:172.xx.xx.102:2223")
98.  
99. #### Nathelper protocol
100. loadmodule "nathelper.so"
101. modparam("nathelper", "natping_interval", 30)
102. modparam("nathelper", "sipping_from", "sip:pinger@localhost")
103. modparam("nathelper", "sipping_bflag", "SIPPING_ENABLE")
104. modparam("nathelper", "remove_on_timeout_bflag", "SIPPING_RTO")
105. modparam("nathelper", "max_pings_lost", 5)
106. modparam("nathelper", "cluster_id", 1)
107.  
108. ### Load Binary Protocol
109. loadmodule "proto_bin.so"
110. modparam("proto_bin", "bin_port", 5566)
111.  
112. #### UDP protocol
113. loadmodule "proto_udp.so"
114.  
115.  
116. #### WebSocket and WebSocketSecure protocol
117. loadmodule "proto_wss.so"
118. loadmodule "proto_ws.so"
119.  
120. # Certificate management
121. modparam("tls_mgm", "server_domain", "dom")
122. modparam("tls_mgm", "match_sip_domain", "[dom]os.sip.xxx.cloud")
123. modparam("tls_mgm", "certificate", "[dom]/etc/opensips/os.sip.xxxx.cloud/cert.pem")
124. modparam("tls_mgm", "private_key", "[dom]/etc/opensips/os.sip.xxxx.cloud/privkey.pem")
125. modparam("tls_mgm", "ca_list", "[dom]/etc/opensips/os.sip.xxxx.cloud/chain.pem")
126. modparam("tls_mgm", "verify_cert", "[dom]0")
127. modparam("tls_mgm", "require_cert", "[dom]0")
128. modparam("tls_mgm", "tls_method", "[dom]TLSv1-")
129.  
130. ### Load Custer module
131. loadmodule "clusterer.so"
132. modparam("clusterer", "my_node_id", 1)
133. modparam("clusterer", "db_mode", 0)
134. modparam("clusterer", "my_node_info", "cluster_id=1, url=bin:172.xx.xx.60:5566, sip_addr=172.xx.xx.60:5067, flags=seed")
135. modparam("clusterer", "neighbor_node_info", "cluster_id=1,node_id=2,url=bin:172.xx.yy.60:5566")
136. modparam("clusterer", "neighbor_node_info", "cluster_id=1,node_id=2,url=bin:172.xx.yy.60:5566")
137.  
138. #### Load dialog module
139.  
140. loadmodule "dialog.so"
141. modparam("dialog", "db_mode", 0)
142. modparam("dialog", "db_update_period", 20)
143.  
144. ### Load account module
145. loadmodule "acc.so"
146. modparam("acc", "early_media", 0)
147. modparam("acc", "report_cancels", 0)
148. modparam("acc", "detect_direction", 0)
149.  
150. ####### Routing Logic ########
151.  
152. # main request routing logic
153. route{
154. if (!mf_process_maxfwd_header(10)) {
155. send_reply(483,"Too Many Hops");
156. exit;
157. }
158.  
159. if (has_totag()) {
160. # sequential requests within a dialog should
161. # take the path determined by record-routing
162. if (loose_route()) {
163. if (is_method("INVITE")) {
164. # even if in most of the cases is useless, do RR for
165. # re-INVITEs alos, as some buggy clients do change route set
166. # during the dialog.
167. record_route();
168. }
169. # route it out to whatever destination was set by loose_route()
170. # in $du (destination URI).
171. route(relay);
172. } else {
173. if ( is_method("ACK") ) {
174. if ( t_check_trans() ) {
175. # non loose-route, but stateful ACK; must be an ACK after
176. # a 487 or e.g. 404 from upstream server
177. t_relay();
178. exit;
179. } else {
180. # ACK without matching transaction ->
181. # ignore and discard
182. exit;
183. }
184. }
185. send_reply(404,"Not here");
186. }
187. exit;
188. }
189.  
190. # CANCEL processing
191. if (is_method("CANCEL")) {
192. if (t_check_trans())
193. t_relay();
194. exit;
195. }
196.  
197. t_check_trans();
198.  
199. if (!is_method("REGISTER")) {
200. if (!is_myself("$fd")) {
201. if (!is_myself("$rd")) {
202. send_reply(403,"Relay Forbidden");
203. exit;
204. }
205. }
206. }
207.  
208. # preloaded route checking
209. if (loose_route()) {
210. xlog("L_ERR",
211. "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
212. if (!is_method("ACK"))
213. send_reply(403,"Preload Route denied");
214. exit;
215. }
216.  
217. # record routing
218. if (!is_method("REGISTER|MESSAGE"))
219. record_route();
220.  
221. if (!is_myself("$rd")) {
222. append_hf("P-hint: outbound\r\n");
223. route(relay);
224. }
225.  
226. # requests for my domain
227. if (is_method("PUBLISH|SUBSCRIBE")) {
228. send_reply(503,"Service Unavailable");
229. exit;
230. }
231.  
232. # check if the clients are using WebSockets or WebSocketSecure
233. if ($socket_in(proto) == "WS"|| $socket_in(proto) == "WSS"){
234. setflag("SRC_WS");
235. }
236.  
237. # consider the client is behind NAT - always fix the contact
238. fix_nated_contact();
239.  
240. if (is_method("REGISTER")) {
241.  
242. # indicate that the client supports DTLS
243. # so we know when he is called
244. if (isflagset("SRC_WS")){
245. setbflag("DST_WS");
246. }
247.  
248. fix_nated_register();
249. if (!save("os.sip.xxxx.cloud")){
250. sl_reply_error();
251. }
252.  
253.  
254. exit;
255. }
256.  
257. if ($rU==NULL) {
258. # request with no Username in RURI
259. send_reply(484,"Address Incomplete");
260. exit;
261. }
262.  
263. # do lookup with method filtering
264. $var(lookup_flags) = "m";
265. $var(rd_backup) = $rd;
266. #sethost("os.sip.xxxx.cloud");
267.  
268. if(cluster_check_addr(1, "$si")){
269.  
270. xlog("\033[36m>>>>>>>>Local---- SorceIP $si >>>-\033[0m--\n");
271. xlog("$rm from cluster, doing local lookup only\n");
272.  
273. }else{
274.  
275. xlog("\033[36m>>>>>>>>Global---- SorceIP $si >>>-\033[0m--\n");
276. xlog("$rm from outside, doing global lookup\n");
277. $var(lookup_flags) = $var(lookup_flags) + "g";
278. xlog("\033[36m>>>>>>>>-lookup_flags -- $var(lookup_flags) --->>> >>>-\033[0m--\n");
279.  
280. }
281.  
282. $var(aor) = "sip:" + $rU + "@" + "os.sip.xxxx.cloud";
283. if (!lookup("os.sip.xxxx.cloud", "$var(lookup_flags)", "$var(aor)")) {
284. t_reply(404, "Not Found");
285. exit;
286. }
287.  
288. #sethost($var(rd_backup));
289.  
290. do_accounting("log","missed");
291. route(relay);
292. }
293.  
294. route[relay] {
295. # for INVITEs enable some additional helper routes
296. if (is_method("INVITE")) {
297. t_on_branch("handle_nat");
298. t_on_reply("handle_nat");
299. } else if (is_method("BYE|CANCEL")) {
300. rtpengine_delete();
301. }
302.  
303. if (!t_relay()) {
304. send_reply(500,"Internal Error");
305. };
306. exit;
307. }
308.  
309. branch_route[handle_nat] {
310.  
311. xlog("\033[31m>>>>>>>>branch_route ------------------- >>>-\033[0m--\n");
312.  
313. if (!is_method("INVITE") || !has_body("application/sdp"))
314. return;
315.  
316. if(isbflagset("DST_WS"))
317. xlog("\033[31m>>>>>>>>branch_route Protocol DST_WS ---- set >>>-\033[0m--\n");
318.  
319. if(isflagset("SRC_WS"))
320. xlog("\033[31m>>>>>>>>branch_route Protocol SRC_WS ---- set >>>-\033[0m--\n");
321.  
322.  
323. if (isflagset("SRC_WS") && isbflagset("DST_WS"))
324. $var(rtpengine_flags) = "ICE=force-relay DTLS=passive";
325. else if (isflagset("SRC_WS") && !isbflagset("DST_WS"))
326. $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove rtcp-mux-demux";
327. else if (!isflagset("SRC_WS") && isbflagset("DST_WS"))
328. $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force SDES-off rtcp-mux-offer";
329. else if (!isflagset("SRC_WS") && !isbflagset("DST_WS"))
330. $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
331.  
332. xlog("\033[31m>>>>>>>>offer flag is ------------------- $var(rtpengine_flags) >>>-\033[0m--\n");
333. rtpengine_offer("$var(rtpengine_flags)");
334. }
335.  
336. onreply_route[handle_nat] {
337.  
338. xlog("\033[31m>>>>>>>>onreply_route ------------------- >>>-\033[0m--\n");
339.  
340.  
341. fix_nated_contact();
342. if (!has_body("application/sdp"))
343. return;
344.  
345. if(isbflagset("DST_WS"))
346. xlog("\033[31m>>>>>>>>onreply_route Protocol DST_WS ---- set >>>-\033[0m--\n");
347.  
348. if(isflagset("SRC_WS"))
349. xlog("\033[31m>>>>>>>>onreply_route Protocol SRC_WS ---- set >>>-\033[0m--\n");
350.  
351.  
352. if (isflagset("SRC_WS") && isbflagset("DST_WS DTLS=passive"))
353. $var(rtpengine_flags) = "ICE=force-relay DTLS=passive";
354. else if (isflagset("SRC_WS") && !isbflagset("DST_WS"))
355. $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force";
356. else if (!isflagset("SRC_WS") && isbflagset("DST_WS"))
357. $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
358. else if (!isflagset("SRC_WS") && !isbflagset("DST_WS"))
359. $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
360.  
361. xlog("\033[31m>>>>>>>>answer flag is ------------------- $var(rtpengine_flags) >>>-\033[0m--\n");
362. rtpengine_answer("$var(rtpengine_flags)");
363. }
364.