cac432c5c8c32ac9c8772a4710e8030650e85223
[sip-router] / modules / websocket / example / kamailio.cfg
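#!KAMAILIO

# Database shared by usrloc and auth_db (see their db_url modparams below).
# With the auth_db settings used in this example the subscriber table holds
# plaintext passwords, so this file should be readable only by the account
# Kamailio runs as.
#!define DBURL          "sqlite:////etc/kamailio/db.sqlite"

####### Global Parameters #########

debug=2
fork=yes
children=4

# Required for the tls: listeners below (implemented by tls.so).
enable_tls=1

alias="example.com"

# Plain SIP on 5060, plus cleartext HTTP / WebSocket (ws://) on port 80.
# NOTE(review): nothing on the port 80 listener is encrypted, so SIP
# signalling carried over ws:// (including digest authentication exchanges)
# is visible on the path. Outside a lab, prefer offering only the 443 listener.
listen=192.168.111.2:5060
listen=tcp:192.168.111.2:80

# SIP over TLS on 5061, plus HTTPS / secure WebSocket (wss://) on port 443.
listen=tls:192.168.111.2:5061
listen=tls:192.168.111.2:443

# Slightly above the registrar max_expires (3600) set below, presumably so a
# TCP/WebSocket connection is not closed before the registration using it
# expires.
tcp_connection_lifetime=3604
# Accept TCP requests without a Content-Length header, as is the case for the
# HTTP GET that starts a WebSocket handshake.
tcp_accept_no_cl=yes

syn_branch=0

#mpath="/usr/lib64/kamailio/modules_k/:/usr/lib64/kamailio/modules/"
mpath="modules_k:modules"

loadmodule "db_sqlite.so"
loadmodule "tm.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
# NOTE(review): ctl.so and mi_rpc.so provide the management interface and no
# ctl parameters are set in this file, so the module defaults apply - confirm
# that the resulting control socket is not reachable by unprivileged users.
loadmodule "ctl.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "xhttp.so"
loadmodule "kex.so"
loadmodule "websocket.so"
loadmodule "mi_rpc.so"
loadmodule "tls.so"

# ----------------- setting module-specific parameters ---------------

# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000)
# default invite retransmission timeout after 1xx: 120sec
modparam("tm", "fr_inv_timer", 120000)

# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 0)

# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
# upper bound, in seconds, on the expiry a client may register with
modparam("registrar", "max_expires", 3600)
modparam("registrar", "gruu_enabled", 0)

# ----- usrloc params -----
modparam("usrloc", "db_url", DBURL)
# db_mode 0: contacts are kept in memory only
modparam("usrloc", "db_mode", 0)

# ----- auth_db params -----
modparam("auth_db", "db_url", DBURL)
# NOTE(review): calculate_ha1=yes together with password_column="password"
# makes auth_db compute HA1 at request time from a plaintext password stored
# in the subscriber table. Outside a demo, store precomputed HA1 values and
# turn calculate_ha1 off, so that a leaked database does not disclose the
# passwords themselves.
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "")

# ----- websocket params -----
modparam("websocket", "keepalive_timeout", 30)

# ----- tls params -----
# NOTE(review): "SSLv23" leaves protocol selection to the TLS library, which on
# older builds can include SSLv2/SSLv3. Where the installed tls module supports
# a minimum-version value (for example "TLSv1.2+" in current releases), use it.
modparam("tls", "tls_method", "SSLv23")
# Relative paths: they resolve against the process working directory. The
# private key must be readable only by the Kamailio user.
# No verify_certificate / require_certificate is set here, so client
# identity rests on SIP digest authentication (route[AUTH]) alone.
modparam("tls", "certificate", "CA/ser1_cert.pem")
modparam("tls", "private_key", "CA/privkey.pem")
modparam("tls", "ca_list", "CA/calist.pem")

####### Routing Logic ########

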
# Main SIP request routing logic
# - every incoming SIP request enters the script here
# - equivalent to a plain route { ... } block
request_route {
        # sanity checks applied to every request
        route(REQINIT);

        # In-dialog requests (To tag present) are fully handled in WITHINDLG
        # and never come back here.
        # NOTE(review): that means anything carrying a To tag bypasses
        # route(AUTH) below; deployments that need more than this example
        # offers should verify the dialog or authenticate those requests too.
        route(WITHINDLG);

        ### from here on: initial requests only (no To tag)

        # CANCEL: relay it only if it matches an existing transaction
        if (is_method("CANCEL")) {
                if (t_check_trans()) {
                        t_relay();
                }
                exit;
        }

        t_check_trans();

        # Digest authentication and relay policy. This runs before REGISTRAR,
        # so a REGISTER that has not authenticated never reaches save().
        route(AUTH);

        # drop preloaded Route headers, then record-route the requests that
        # create dialogs (in case they are routed)
        remove_hf("Route");
        if (is_method("INVITE|SUBSCRIBE")) {
                record_route();
        }

        # REGISTER is answered here and goes no further
        route(REGISTRAR);

        if ($rU==$null) {
                # no username in the request URI: nothing to look up
                sl_send_reply("484","Address Incomplete");
                exit;
        }

        # resolve the request URI against registered contacts
        route(LOCATION);

        route(RELAY);
}

# Forward the request statefully; if t_relay() fails, answer with a
# stateless error reply. Script processing always ends here.
route[RELAY] {
        if (!t_relay()) {
                sl_reply_error();
        }

        exit;
}

# Per SIP request initial checks
# NOTE(review): this example has no rate limiting or flood detection in front
# of these checks (the pike module is commonly used for that); add it before
# exposing the listeners to untrusted networks.
route[REQINIT] {
        # loop protection: reject once Max-Forwards is exhausted
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                exit;
        }

        # Messages failing the sanity checks are logged with the sender's
        # source address and port, then dropped without any further reply
        # from this script.
        if (!sanity_check("1511", "7")) {
                xlog("Malformed SIP message from $si:$sp\n");
                exit;
        }
}

# Handle requests within SIP dialogs
# A request with a To tag never leaves this route: every branch below ends in
# exit. Requests without a To tag fall through and return to the caller.
route[WITHINDLG] {
        if (has_totag()) {
                # sequential requests within a dialog follow the path
                # established by record-routing
                if (loose_route()) {
                        route(RELAY);
                } else {
                        if (is_method("ACK")) {
                                # No loose-route. An ACK that matches a
                                # transaction (e.g. after a 487, or a 404 from
                                # an upstream server) is relayed statefully;
                                # an ACK matching nothing is silently dropped.
                                if (t_check_trans()) {
                                        t_relay();
                                }
                                exit;
                        }
                        sl_send_reply("404","Not here");
                }
                exit;
        }
}

# Handle SIP registrations
# REGISTER requests are stored in the "location" table and processing stops;
# all other methods return to the caller untouched. In request_route this
# route is called after route(AUTH), so save() only sees REGISTERs that
# passed auth_check().
route[REGISTRAR] {
        if (is_method("REGISTER")) {
                if (!save("location")) {
                        sl_reply_error();
                }

                exit;
        }
}

# USER location service
# Resolves the request URI against the "location" table. On success the route
# simply returns so the caller can relay; on failure a reply is chosen from
# lookup()'s return code.
route[LOCATION] {
        if (!lookup("location")) {
                # copy the result first: later calls overwrite $rc
                $var(rc) = $rc;
                t_newtran();
                switch ($var(rc)) {
                        case -2:
                                # presumably "contact found, method not
                                # supported" per the registrar module's
                                # return codes - confirm for this version
                                send_reply("405", "Method Not Allowed");
                                exit;
                        case -1:
                        case -3:
                                send_reply("404", "Not Found");
                                exit;
                }
                # any other return code falls through and returns to the caller
        }
}

# Authentication route
# Policy implemented below:
#  - REGISTER, and any request whose From domain is local, must pass digest
#    authentication against the "subscriber" table;
#  - a request from a foreign From domain is accepted WITHOUT authentication
#    as long as it targets a local URI;
#  - foreign-to-foreign traffic is refused, so this is not an open relay.
# NOTE(review): the From header is chosen by the sender, so the second rule
# lets any source reach local users; restrict it if that is not intended.
route[AUTH] {
        if (is_method("REGISTER") || from_uri==myself) {
                # challenge until valid credentials for the From domain arrive
                if (!auth_check("$fd", "subscriber", "1")) {
                        auth_challenge("$fd", "0");
                        exit;
                }

                # authenticated: strip the credentials before the request is
                # forwarded (REGISTER and PUBLISH keep theirs)
                if (!is_method("REGISTER|PUBLISH")) {
                        consume_credentials();
                }
        }

        # neither the caller nor the destination is local: refuse to relay
        if (from_uri!=myself && uri!=myself) {
                sl_send_reply("403","Not relaying");
                exit;
        }
}

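# HTTP entry point (xhttp module).
# Only WebSocket upgrade requests arriving on the ws:// (80) and wss:// (443)
# listener ports are served; any other HTTP request is answered 403 or 404.
event_route[xhttp:request] {
        # refuse HTTP that arrives on one of the SIP ports
        if ($Rp != "80" && $Rp != "443") {
                xlog("L_WARN", "HTTP request received on $Rp\n");
                xhttp_reply("403", "Forbidden", "", "");
                exit;
        }

        xlog("L_INFO", "HTTP Request Received\n");

        # The header tests are unanchored pattern matches, so they only
        # pre-filter; the handshake itself is left to ws_handle_handshake().
        if ($hdr(Upgrade)=~"websocket"
                        && $hdr(Connection)=~"Upgrade"
                        && $rm=~"GET") {
                # NOTE(review): Host and Origin are supplied by the client and
                # are written to the log verbatim; treat these log lines as
                # untrusted input when they are parsed or displayed.
                xlog("L_INFO", "WebSocket\n");
                xlog("L_INFO", " Host: $hdr(Host)\n");
                xlog("L_INFO", " Origin: $hdr(Origin)\n");

                if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
                        xlog("L_WARN", "Bad host $hdr(Host)\n");
                        xhttp_reply("403", "Forbidden", "", "");
                        exit;
                }

                # Optional... validate Origin
                # Browsers do not apply the same-origin policy to WebSocket
                # connections, so any web page can open one to this server.
                # Checking Origin against the sites allowed to embed the
                # client limits that. Sketch with a placeholder origin:
                #
                # if ($hdr(Origin) != "https://WEBAPP.PLACEHOLDER.INVALID") {
                #         xlog("L_WARN", "Unauthorised Origin\n");
                #         xhttp_reply("403", "Forbidden", "", "");
                #         exit;
                # }
                #
                # Optional... perform HTTP authentication

                # Stop once the handshake has been accepted, so the 404 below
                # is never sent on a connection that has just been switched
                # to WebSocket.
                # NOTE(review): assumes ws_handle_handshake() returns a true
                # value on success; if this module version returns 0 instead,
                # script execution already stops at the call - confirm.
                if (ws_handle_handshake()) {
                        exit;
                }
        }

        xhttp_reply("404", "Not found", "", "");
}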