modules/websocket: updated example configuration and test scripts
[sip-router] / modules / websocket / example / kamailio.cfg
1 #!KAMAILIO
2
3 #!define DBURL          "sqlite:////etc/kamailio/db.sqlite"
4
5 ####### Global Parameters #########
6
7 debug=2
8 fork=yes
9 children=4
10
11 enable_tls=1
12
13 alias="example.com"
14
15 listen=192.168.111.2:5060
16 listen=tcp:192.168.111.2:80
17
18 listen=tls:192.168.111.2:5061
19 listen=tls:192.168.111.2:443
20
21 tcp_connection_lifetime=3604
22 tcp_accept_no_cl=yes
23
24 enable_tls=1
25
26 syn_branch=0
27
28 #mpath="/usr/lib64/kamailio/modules_k/:/usr/lib64/kamailio/modules/"
29 mpath="modules_k:modules"
30
31 loadmodule "db_sqlite.so"
32 loadmodule "tm.so"
33 loadmodule "sl.so"
34 loadmodule "rr.so"
35 loadmodule "pv.so"
36 loadmodule "maxfwd.so"
37 loadmodule "usrloc.so"
38 loadmodule "registrar.so"
39 loadmodule "textops.so"
40 loadmodule "siputils.so"
41 loadmodule "xlog.so"
42 loadmodule "sanity.so"
43 loadmodule "ctl.so"
44 loadmodule "auth.so"
45 loadmodule "auth_db.so"
46 loadmodule "xhttp.so"
47 loadmodule "kex.so"
48 loadmodule "websocket.so"
49 loadmodule "mi_rpc.so"
50 loadmodule "tls.so"
51
52 # ----------------- setting module-specific parameters ---------------
53
54 # ----- tm params -----
55 # auto-discard branches from previous serial forking leg
56 modparam("tm", "failure_reply_mode", 3)
57 # default retransmission timeout: 30sec
58 modparam("tm", "fr_timer", 30000)
59 # default invite retransmission timeout after 1xx: 120sec
60 modparam("tm", "fr_inv_timer", 120000)
61
62 # ----- rr params -----
63 # add value to ;lr param to cope with most of the UAs
64 modparam("rr", "enable_full_lr", 1)
65 # do not append from tag to the RR (no need for this script)
66 modparam("rr", "append_fromtag", 0)
67
68 # ----- registrar params -----
69 modparam("registrar", "method_filtering", 1)
70 modparam("registrar", "max_expires", 3600)
71 modparam("registrar", "gruu_enabled", 0)
72
73 # ----- usrloc params -----
74 modparam("usrloc", "db_url", DBURL)
75 modparam("usrloc", "db_mode", 0)
76
77 # ----- auth_db params -----
78 modparam("auth_db", "db_url", DBURL)
79 modparam("auth_db", "calculate_ha1", yes)
80 modparam("auth_db", "password_column", "password")
81 modparam("auth_db", "load_credentials", "")
82
83 # ----- websocket params -----
84 modparam("websocket", "keepalive_timeout", 30)
85
86 # ----- tls params -----
87 modparam("tls", "tls_method", "SSLv23")
88 modparam("tls", "certificate", "CA/ser1_cert.pem")
89 modparam("tls", "private_key", "CA/privkey.pem")
90 modparam("tls", "ca_list", "CA/calist.pem")
91
92 ####### Routing Logic ########
93
94
95 # Main SIP request routing logic
96 # - processing of any incoming SIP request starts with this route
97 # - note: this is the same as route { ... }
98 request_route {
99
100         if ($rm == "OPTIONS")
101         {
102                 force_rport();
103                 $du = "sip:192.168.111.2:5080;transport=udp";
104                 forward();
105                 exit;
106         }
107
108         # per request initial checks
109         route(REQINIT);
110
111         # handle requests within SIP dialogs
112         route(WITHINDLG);
113
114         ### only initial requests (no To tag)
115
116         # CANCEL processing
117         if (is_method("CANCEL"))
118         {
119                 if (t_check_trans())
120                         t_relay();
121                 exit;
122         }
123
124         t_check_trans();
125
126         # authentication
127         route(AUTH);
128
129         # record routing for dialog forming requests (in case they are routed)
130         # - remove preloaded route headers
131         remove_hf("Route");
132         if (is_method("INVITE|SUBSCRIBE"))
133                 record_route();
134
135         # handle registrations
136         route(REGISTRAR);
137
138         if ($rU==$null)
139         {
140                 # request with no Username in RURI
141                 sl_send_reply("484","Address Incomplete");
142                 exit;
143         }
144
145         # user location service
146         route(LOCATION);
147
148         route(RELAY);
149 }
150
151 route[RELAY] {
152         if (!t_relay()) {
153                 sl_reply_error();
154         }
155         exit;
156 }
157
158 # Per SIP request initial checks
159 route[REQINIT] {
160         if (!mf_process_maxfwd_header("10")) {
161                 sl_send_reply("483","Too Many Hops");
162                 exit;
163         }
164
165         if(!sanity_check("1511", "7"))
166         {
167                 xlog("Malformed SIP message from $si:$sp\n");
168                 exit;
169         }
170 }
171
172 # Handle requests within SIP dialogs
173 route[WITHINDLG] {
174         if (has_totag()) {
175                 # sequential request withing a dialog should
176                 # take the path determined by record-routing
177                 if (loose_route()) {
178                         route(RELAY);
179                 } else {
180                         if ( is_method("ACK") ) {
181                                 if ( t_check_trans() ) {
182                                         # no loose-route, but stateful ACK;
183                                         # must be an ACK after a 487
184                                         # or e.g. 404 from upstream server
185                                         t_relay();
186                                         exit;
187                                 } else {
188                                         # ACK without matching transaction...
189                                         # ignore and discard
190                                         exit;
191                                 }
192                         }
193                         sl_send_reply("404","Not here");
194                 }
195                 exit;
196         }
197 }
198
199 # Handle SIP registrations
200 route[REGISTRAR] {
201         if (is_method("REGISTER"))
202         {
203                 if (!save("location"))
204                         sl_reply_error();
205
206                 exit;
207         }
208 }
209
210 # USER location service
211 route[LOCATION] {
212         if (!lookup("location")) {
213                 $var(rc) = $rc;
214                 t_newtran();
215                 switch ($var(rc)) {
216                         case -1:
217                         case -3:
218                                 send_reply("404", "Not Found");
219                                 exit;
220                         case -2:
221                                 send_reply("405", "Method Not Allowed");
222                                 exit;
223                 }
224         }
225 }
226
227 # Authentication route
228 route[AUTH] {
229         if (is_method("REGISTER") || from_uri==myself)
230         {
231                 # authenticate requests
232                 if (!auth_check("$fd", "subscriber", "1")) {
233                         auth_challenge("$fd", "0");
234                         exit;
235                 }
236                 # user authenticated - remove auth header
237                 if(!is_method("REGISTER|PUBLISH"))
238                         consume_credentials();
239         }
240         # if caller is not local subscriber, then check if it calls
241         # a local destination, otherwise deny, not an open relay here
242         if (from_uri!=myself && uri!=myself)
243         {
244                 sl_send_reply("403","Not relaying");
245                 exit;
246         }
247 }
248
249 event_route[xhttp:request] {
250         if ($Rp != "80" && $Rp != "443") {
251                 xlog("L_WARN", "HTTP request received on $Rp\n");
252                 xhttp_reply("403", "Forbidden", "", "");
253                 exit;
254         }
255
256         xlog("L_DBG", "HTTP Request Received\n");
257
258         if ($hdr(Upgrade)=~"websocket"
259                         && $hdr(Connection)=~"Upgrade"
260                         && $rm=~"GET") {
261                 xlog("L_DBG", "WebSocket\n");
262                 xlog("L_DBG", " Host: $hdr(Host)\n");
263                 xlog("L_DBG", " Origin: $hdr(Origin)\n");
264
265                 if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
266                         xlog("L_WARN", "Bad host $hdr(Host)\n");
267                         xhttp_reply("403", "Forbidden", "", "");
268                         exit;
269                 }
270
271                 # Optional... validate Origin
272                 # Optional... perform HTTP authentication
273
274                 ws_handle_handshake();
275         }
276
277         xhttp_reply("404", "Not found", "", "");
278 }