B. NGCP configs overview

1. config.yml Overview

/etc/ngcp-config/config.yml is the main configuration YAML file used by Sipwise NGCP. After every changes it need to run the command ngcpcfg apply my commit message to apply changes (followed by ngcpcfg push in the PRO version to apply changes to sp2). The following is a brief description of the main variables contained into /etc/ngcp-config/config.yml file.

1.1. apps

This section contains parameters for the additional applications that may be activated on sip:provider CE.

apps:
  malicious_call: no
  • malicious_call: if set to yes, the Malicious Call Identification (MCID) application will be enabled

1.2. asterisk

The following is the asterisk section:

asterisk:
  log:
    facility: local6
  rtp:
    maxport: 20000
    minport: 10000
  sip:
    bindport: 5070
    dtmfmode: rfc2833
  voicemail:
    enable: 'no'
    fromstring: 'Voicemail server'
    greeting:
      busy_custom_greeting: '/home/user/file_no_extension'
      busy_overwrite_default: 'no'
      busy_overwrite_subscriber: 'no'
      unavail_custom_greeting: '/home/user/file_no_extension'
      unavail_overwrite_default: 'no'
      unavail_overwrite_subscriber: 'no'
    mailbody: 'You have received a new message from ${VM_CALLERID} in voicebox ${VM_MAILBOX} on ${VM_DATE}.'
    mailsubject: '[Voicebox] New message ${VM_MSGNUM} in voicebox ${VM_MAILBOX}'
    max_msg_length: 180
    maxgreet: 60
    maxmsg: 30
    maxsilence: 0
    min_msg_length: 3
    normalize_match: '^00|\+([1-9][0-9]+)$'
    normalize_replace: '$1'
    serveremail: voicebox@sip.sipwise.com
  • log.facility: rsyslog facility for asterisk log, defined in /etc/asterisk/logger.conf.
  • rtp.maxport: RTP maximum port used by asterisk.
  • rtp.minport: RTP minimun port used by asterisk.
  • sip.bindport: SIP asterisk internal bindport.
  • voicemail.greetings.*: set the audio file path for voicemail custom unavailable/busy greetings
  • voicemail.mailbody: Mail body for incoming voicemail.
  • voicemail.mailsubject: Mail subject for incoming voicemail.
  • voicemail.max_msg_length: Sets the maximum length of a voicemail message, in seconds.
  • voicemail.maxgreet: Sets the maximum length of voicemail greetings, in seconds.
  • voicemail.maxmsg: Sets the maximum number of messages that may be kept in any voicemail folder.
  • voicemail.min_msg_length: Sets the minimun length of a voicemail message, in seconds.
  • voicemail.maxsilence: Maxsilence defines how long Asterisk will wait for a contiguous period of silence before terminating an incoming call to voice mail. The default value is 0, which means the silence detector is disabled and the wait time is infinite.
  • voicemail.serveremail: Provides the email address from which voicemail notifications should be sent.
  • voicemail.normalize_match: Regular expression to match the From number for calls to voicebox.
  • voicemail.normalize_replace: Replacement string to return, in order to match an existing voicebox.

1.3. autoprov

The following is the autoprovisioning section:

autoprov:
  hardphone:
    skip_vendor_redirect: 'no'
  server:
    bootstrap_port: 1445
    ca_certfile: '/etc/ngcp-config/ssl/client-auth-ca.crt'
    host: localhost
    port: 1444
    server_certfile: '/etc/ngcp-config/ssl/myserver.crt'
    server_keyfile: '/etc/ngcp-config/ssl/myserver.key'
    ssl_enabled: 'yes'
  softphone:
    config_lockdown: 0
    webauth: 0
  • autoprov.skip_vendor_redirect: Skip phone vendor redirection to the vendor provisioning web site.

1.4. backuptools

The following is the backup tools section:

backuptools:
  cdrexport_backup:
    enable: 'no'
  etc_backup:
    enable: 'no'
  mail:
    address: noc@company.org
    error_subject: '[ngcp-backup] Problems detected during daily backup'
    log_subject: '[ngcp-backup] Daily backup report'
    send_errors: 'no'
    send_log: 'no'
  mysql_backup:
    enable: 'no'
    exclude_dbs: 'syslog sipstats information_schema'
  rotate_days: 7
  storage_dir: '/var/backup/ngcp_backup'
  temp_backup_dir: '/tmp/ngcp_backup'
  • backuptools.cdrexport_backup.enable: Enable backup of cdrexport (.csv) directory.
  • backuptools.etc_backup.enable: Enable backup of /etc/* directory.
  • backuptools.mail.address: Destination email address for backup emails.
  • backuptools.mail.error_subject: Subject for error emails.
  • backuptools.mail.log_subjetc: Subject for daily backup report.
  • backuptools.mail.send_error: Send daily backup error report.
  • backuptools.mail.send_log: Send daily backup log report.
  • backuptools.mysql_backup.enable: Enable daily mysql backup.
  • backuptools.mysql_backup.exclude_dbs: exclude mysql databases from backup.
  • backuptools.rotate_days: Number of days backup files should be kept. All files older than specified number of days are deleted from the storage directory.
  • backuptools.storage_dir: Storage directory of backups.
  • backuptools.temp_backup_dir: Temporary storage directory of backups.

1.5. cdrexport

The following is the cdr export section:

cdrexport:
  daily_folder: 'yes'
  export_failed: 'no'
  export_incoming: 'no'
  exportpath: '/home/jail/home/cdrexport'
  full_names: 'yes'
  monthly_folder: 'yes'
  • cdrexport.daily_folder:: Set yes if you want to create a daily folder for CDRs under the configured path.
  • cdrexport.export_failed: Export CDR for failed calls.
  • cdrexport.export_incoming: Export CDR for incoming calls.
  • cdrexport.exportpath: The path to store CDRs in .csv format.
  • cdrexport.full_names: Use full namen for CDRs instead of short ones.
  • cdrexport.monthly_folder: Set yes if you want to create a monthly folder (ex. 201301 for January 2013) for CDRs under configured path.

1.6. checktools

The following is the check tools section:

checktools:
  collcheck:
    cpuidle: 0.1
    dfused: 0.9
    eximmaxqueue: 15
    loadlong: 2
    loadmedium: 2
    loadshort: 3
    maxage: 600
    memused: 0.7
    siptimeout: 15
    swapfree: 0.5
  active_check_enable: 1
  asr_ner_statistics: 1
  exim_check_enable: 0
  force: 0
  kamailio_check_concurrent_calls_enable: 0
  kamailio_check_dialog_active_enable: 1
  kamailio_check_dialog_early_enable: 1
  kamailio_check_dialog_incoming_enable: 1
  kamailio_check_dialog_local_enable: 1
  kamailio_check_dialog_outgoing_enable: 1
  kamailio_check_dialog_relay_enable: 1
  kamailio_check_shmem_enable: 1
  kamailio_check_usrloc_regdevices_enable: 1
  kamailio_check_usrloc_regusers_enable: 1
  mpt_check_enable: 1
  mysql_check_enable: 1
  mysql_check_replication: 1
  oss_check_provisioned_subscribers_enable: 1
  sip_check_enable: 1
  sipstats_check_num_packets: 1
  sipstats_check_num_packets_perday: 1
  sipstats_check_partition_size: 1
  snmpd:
    communities:
      public:
        - localhost
    trap_communities:
      public:
        - localhost
  • checktools.collcheck.cpuidle: Sets the minimum value for CPU usage (0.1 means 10%).
  • checktools.collcheck.dfused: Sets the maximun value for DISK usage (0.9 means 90%).
  • checktools.collcheck.loadlong/loadlong/loadshort: Max values for load (long, short, medium term).
  • checktools.collcheck.maxage: Max age in seconds.
  • checktools.collcheck.memused: Sets the maximun value for MEM usage (0.7 means 70%).
  • checktools.collcheck.siptimeout: Max timeout for sip options.
  • checktools.collcheck.swapfree: Sets the minimun value for SWAP free (0.5 means 50%).
  • checktools.exim_check_enable: Exim queue check plugin for collectd.
  • checktools.active_check_enable: Active node check plugin for collectd.
  • checktools.asr_ner_statistics: enable/Disable ASR/NER statistics.
  • checktools.force: Perform checks even if not active from ngcp-check_active command.
  • checktools.kamailio_check_*: Enable/Disable SNMP collective check pluglin for Kamailio.
  • checktools.mpt_check_enable: MPT raid SNMP check plugin.
  • checktools.mysql_check_enable: MySQL SNMP check plugin.
  • checktools.mysql_check_replication: MySQL replication check.
  • checktools.oss_check_provisioned_subscribers_enable: OSS provisioned subscribers count plugin.
  • checktools.sip_check_enable/sipstats_check_*: Enable/Disable SIP check plugins.
  • checktools.snmpd.communities: Sets the SNMP community and sources (separated by comma , - ex. source: 127.0.0.1, 10.10.10.2, 10.10.10.3).
  • checktools.snmpd.trap_communities: Sets the SNMP TRAP community and destination sink (separated by comma , - ex. sink: 127.0.0.1, 10.10.10.2, 10.10.10.3).

1.7. cleanuptools

The following is the cleanup tools section:

cleanuptools:
  acc_cleanup_days: 90
  archive_targetdir: '/var/backups/cdr'
  binlog_days: 15
  cdr_archive_months: 2
  cdr_backup_months: 2
  cdr_backup_retro: 3
  compress: gzip
  delete_old_cdr_files:
    enabled: 'no'
    max_age_days: 30
    paths:
      -
        max_age_days: ~
        path: '/home/jail/home/*/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
      -
        max_age_days: ~
        path: '/home/jail/home/cdrexport/resellers/*/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
      -
        max_age_days: ~
        path: '/home/jail/home/cdrexport/system/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
  sql_batch: 10000
  trash_cleanup_days: 30
  • cleanuptools.acc_cleanup_days: CDR records in acc table in kamailio database will be deleted after this time
  • cleanuptools.binlog_days: Time after MySQL binlogs will be deleted.
  • cleanuptools.cdr_archive_months: How many months worth of records to keep in monthly CDR backup tables, instead of dumping them into archive files and dropping them from database.
  • cleanuptools.cdr_backup_months: How many months worth of records to keep in the current cdr table, instead of moving them into the monthly CDR backup tables.
  • cleanuptools.cdr_backup_retro: How many months to process for backups, going backwards in time and skipping cdr_backup_months months first, and store them in backup tables. Any older record will be left untouched.
  • cleanuptools.delete_old_cdr_files:

    • enabled: Enable (yes) or disable (no) exported CDR cleanup.
    • max_age_days: Gives the expiration time of the exported CDR files in days. There is a general value which may be overridden by a local value provided at a specific path. The local value is valid for the particular path only.
    • paths: an array of path definitions

      • path: a path where CDR files are to be found and deleted; this may contain wildcard characters
      • wildcard: Enable (yes) or disable (no) using wildcards in the path
      • remove_empty_directories: Enable (yes) or disable (no) removing empty directories if those are found in the given path
      • max_age_days: the local expiration time value for files in the particular path
  • cleanuptools.sql_batch: How many records to process within a single SQL statement.
  • cleanuptools.trash_cleanup_days: Time after CDRs from acc_trash and acc_backup tables in kamailio database will be deleted.

For the description of cleanuptools please visit Cleanuptools Description Section 13.4, “Accounting Data (CDR) Cleanup” section of the handbook.

1.8. cluster_sets

The following is the cluster sets section:

cluster_sets:
  default:
    dispatcher_id: 50
  default_set: default
  type: central
  • cluster_sets.<label>: an arbitrary label of the cluster set; in the above example we have default
  • cluster_sets.<label>.dispatcher_id: a unique, numeric value that identifies a particular cluster set
  • cluster_sets.default_set: selects the default cluster set
  • cluster_sets.type: the type of cluster set; can be central or distributed

1.9. database

The following is the database section:

database:
  bufferpoolsize: 24768M
  • database.bufferpoolsize: Innodb_buffer_pool_size value in /etc/mysql/my.cnf

1.10. faxserver

The following is the fax server section:

faxserver:
  enable: yes
  fail_attempts: '3'
  fail_retry_secs: '60'
  mail_from: 'Sipwise NGCP FaxServer <voipfax@ngcp.sipwise.local>'
  • faxserver.enable: yes/no to enable or disable ngcp-faxserver on the platform respectively.
  • faxserver.fail_attempts: Amount of attempts to send a fax after which it is marked as failed.
  • faxserver.fail_retry_secs: Amount of seconds to wait between "fail_attemts".
  • faxserver.mail_from: Sets the e-mail From Header for incoming fax.

1.11. general

The following is the general section:

general:
  adminmail: adjust@example.org
  companyname: sipwise
  lang: en
  • general.adminmail: Email address used by monit to send notifications to.
  • general.lang: Sets sounds language (e.g: de for German)

1.12. heartbeat

The following is the heartbeat section:

heartbeat:
  hb_watchdog:
    action_max: 5
    enable: 'yes'
    interval: 10
    transition_max: 10
  pingnodes:
    - 10.60.1.1
    - 192.168.3.4
  • heartbeat.hb_watchdog.enable: Enable heartbeat watchdog in order to prevent and fix split brain scenario.
  • heartbeat.hb_watchdog.action_max: Max errors before taking any action.
  • heartbeat.hb_watchdog.interval: Interval in secs for the check.
  • heartbeat.hb_watchdog.transition_max: Max checks in transition state.
  • heartbeat.pingnodes: List of pingnodes for heartbeat. Minimun 2 entries, otherwise by default NGCP will set the default gateway and DNS servers as pingnodes.

1.13. intercept

The following is the legal intercept section:

intercept:
  captagent:
    port: 18090
    schema: http
  enabled: 'no'
  • intercept.captagent.enable: Enable captagent for Lawful Interception (addiotional NGCP module).

1.14. kamailio

The following is the kamailio section:

kamailio:
  lb:
    debug: 'no'
    extra_sockets: ~
    max_forwards: 70
    nattest_exception_ips:
      - 1.2.3.4
      - 5.6.7.8
    pkg_mem: 16
    port: 5060
    security:
      dos_ban_enable: 'yes'
      dos_ban_time: 300
      dos_reqs_density_per_unit: 50
      dos_sampling_time_unit: 5
      dos_whitelisted_ips: ~
      dos_whitelisted_subnets: ~
      failed_auth_attempts: 3
      failed_auth_ban_enable: 'yes'
      failed_auth_ban_time: 3600
    shm_mem: 2012
    start: 'yes'
    strict_routing_safe: 'no'
    tcp_children: 8
    tcp_max_connections: 2048
    tls:
      enable: 'no'
      port: 5061
      sslcertfile: '/etc/kamailio/kamailio-selfsigned.pem'
      sslcertkeyfile: '/etc/kamailio/kamailio-selfsigned.key'
    udp_children: 8
    use_dns_cache: 'on'
  proxy:
    allow_info_method: 'no'
    allow_peer_relay: 'no'
    allow_refer_method: 'no'
    authenticate_bye: 'no'
    cf_depth_limit: 10
    children: 8
    debug: 'no'
    default_expires: 3600
    enum_suffix: e164.arpa.
    filter_100rel_from_supported: 'yes'
    filter_failover_response: '408|500|503'
    fritzbox:
      enable: 'no'
      prefixes:
        - 0$avp(caller_ac)
        - $avp(caller_cc)$avp(caller_ac)
        - '\+$avp(caller_cc)$avp(caller_ac)'
        - 00$avp(caller_cc)$avp(caller_ac)
      special_numbers:
        - 112
        - 110
        - 118[0-9]{2}
    foreign_domain_via_peer: 'no'
    ignore_auth_realm: 'no'
    keep_original_to: 'no'
    lnp:
      api:
        invalid_lnp_routing_codes:
          - ^EE00
          - ^DD00
        lnp_request_blacklist: []
        lnp_request_whitelist: []
        request_timeout: '1000'
      enabled: no
      type: api
    max_expires: 43200
    max_gw_lcr: 128
    max_registrations_per_subscriber: 5
    min_expires: 60
    nathelper_dbro: 'no'
    natping_interval: 30
    natping_processes: 7
    nonce_expire: 300
    pbx:
      hunt_display_indicator: '[h]'
    perform_peer_lcr: 0
    pkg_mem: 16
    port: 5062
    presence:
      enable: 'yes'
      max_expires: '3600'
      reginfo_domain: example.org
    proxy_lookup: 'no'
    set_ruri_to_peer_auth_realm: 'no'
    shm_mem: 64
    start: 'yes'
    tcp_children: 4
    use_enum: 'no'
    usrloc_dbmode: 1
  • kamailio.lb.debug: Enable intensive debug level.
  • kamailio.lb.extra_sockets: Add here extra sockets for Load Balancer.
  • kamailio.lb.max_forwards: Set the value for the Max Forwards SIP header for outgoing messages.
  • kamailio.lb.nattest_exception_ips: List of IPs that don’t need the NAT test.
  • kamailio.lb.shm_mem: Shared memory used by Kamailio Load Balancer.
  • kamailio.lb.pkg_mem: PKG memory used by Kamailio Load Balancer.
  • kamailio.lb.security.dos_ban_enable: Enable/Disable DoS Ban.
  • kamailio.lb.security.dos_ban_time: Sets the ban time.
  • kamailio.lb.security.dos_reqs_density_per_unit:: Sets the requests density per unit (if we receive more then * lb.dos_reqs_density_per_unit within dos_sampling_time_unit the user will be banned).
  • kamailio.lb.security.dos_sampling_time_unit: Sets the DoS unit time.
  • kamailio.lb.security.dos_whitelisted_ips: Write here the whitelisted IPs.
  • kamailio.lb.security.failed_auth_attempts: Sets how many authentication attempts allowed before ban.
  • kamailio.lb.security.failed_auth_ban_enable: Enable/Disable authentication ban.
  • kamailio.lb.security.failed_auth_ban_time: Sets how long a user/IP has be banned.
  • kamailio.lb.strict_routing_safe: Enable strict routing handle feature.
  • kamailio.lb.tls.enable: Enable TLS socket.
  • kamailio.lb.tls.port: Set TLS listening port.
  • kamailio.lb.tls.sslcertificate: Path for the SSL certificate.
  • kamailio.lb.tls.sslcertkeyfile: Path for the SSL key file.
  • kamailio.proxy.allow_info_method: Allow INFO method.
  • kamailio.proxy.allow_peer_relay: Allow peer relay. Call coming from a peer that doesn’t matcha a local subscriber will try to go out again, matching the peering rules.
  • kamailio.proxy.allow_refer_method: Allow REFER method. Enable it with caution.
  • kamailio.proxy.authenticate_bye: Enable BYE authentication.
  • kamailio.proxy.cf_depth_limit: CF loop detector. How many CF loops are allowed before drop the call.
  • kamailio.proxy.debug: Enable intensive debug level.
  • kamailio.proxy.default_expires: Default expires value in seconds for REGISTER messages.
  • kamailio.proxy.foreign_domain_via_peer: Enable calls to foreign domains via peers.
  • kamailio.proxy.shm_mem: Shared memory used by Kamailio Proxy.
  • kamailio.proxy.pkg_mem: PKG memory used by Kamailio Proxy.
  • kamailio.proxy.enum_suffix: Sets ENUM suffix - don’t forget . (dot).
  • kamailio.proxy.filter_100rel_from_supported: Enable filtering of 100rel from Supported header, to disable PRACK.
  • kamailio.proxy.filter_failover_response: Response codes with no failover routing required.
  • kamailio.proxy.fritzbox.enable: Enable detection for Fritzbox special numbers. Ex. Fritzbox add some prefix to emergency numbers.
  • kamailio.proxy.fritzbox.prefixes: Fritybox prefixes to check. Ex. 0$avp(caller_ac)
  • kamailio.proxy.fritzbox.special_numbers: Specifies Fritzbox special number patterns. They will be checked with the prefixes defined. Ex. 112, so the performed check will be sip:0$avp(caller_ac)112@ if prefix is 0$avp(caller_ac)
  • kamailio.proxy.ignore_auth_realm: Ignore SIP authentication realm.
  • kamailio.proxy.keep_original_to: Not used now.
  • kamailio.proxy.lnp.enabled: Enable/disable LNP (local number portability) lookup during call setup
  • kamailio.proxy.lnp.type: method of LNP lookup; valid values are: local (local LNP database) and api (LNP lookup through external gateways). PLEASE NOTE: the api type of LNP lookup is only available for NGCP PRO / CARRIER installations.
  • kamailio.proxy.lnp.api.invalid_lnp_routing_codes [only for api type]: number matching pattern for routing numbers that represent invalid call destinations; an announcement is played in that case and the call is dropped
  • kamailio.proxy.lnp.api.lnp_request_whitelist [only for api type]: list of matching patterns of called numbers for which LNP lookup must be done
  • kamailio.proxy.lnp.api.lnp_request_blacklist [only for api type]: list of matching patterns of called numbers for which LNP lookup must not be done
  • kamailio.proxy.lnp.api.request_timeout [only for api type]: timeout in milliseconds while Proxy waits for the response of an LNP query from Sipwise LNP daemon
  • kamailio.proxy.max_expires: Sets the maximum expires in seconds for registration.
  • kamailio.proxy.max_gw_lcr: Defines the maximum number of gateways in lcr_gw table
  • kamailio.proxy.max_registrations_per_subscriber: Sets the maximum registration per subscribers.
  • kamailio.proxy.min_expires: Sets the minimum expires in seconds for registration.
  • kamailio.proxy.natping_interval: Sets the NAT ping interval in seconds.
  • kamailio.proxy.nathelper_dbro: Defaul is "no". This will be "yes" on CARRIER in order to activate the use of a read-only connection using LOCAL_URL
  • kamailio.proxy.nonce_expire: Nonce expire time in seconds.
  • kamailio.proxy.perform_peer_lcr: Enable/Disable Least Cost Routing based on peering fees.
  • kamailio.proxy.port: SIP listening port.
  • kamailio.proxy.presence.enable: Enable/disable presence feature
  • kamailio.proxy.presence.max_expires: Sets the maximum expires value for PUBLISH/SUBSCRIBE message. Defines expiration of the presentity record.
  • kamailio.proxy.presence.reginfo_domain: Set FQDN of the NGCP domain used in callback for mobile push.
  • kamailio.proxy.set_ruri_to_peer_auth_realm: Set R-URI using peer auth realm
  • kamailio.proxy.use_enum: Enable/Disable ENUM feature.

1.15. mediator

The following is the mediator section:

mediator:
  interval: 10
  • mediator.interval: Running interval of mediator.

1.16. modules

The following is the modules section:

modules:
  - enable: no
    name: dummy
    options: numdummies=2
  • modules: list of configs needed for load kernel modules on boot.
  • enable: Enable/disable loading of the specific module (yes/no)
  • name: kernel module name
  • options: kernel module options if needed

1.17. nginx

The following is the nginx section:

nginx:
  status_port: 8081
  xcap_port: 1080
  • nginx.status_port: Status port used by nginx server
  • nginx.xcap_port: XCAP port used by nginx server

1.18. ntp

The following is the ntp server section:

ntp:
  servers:
    - 0.debian.pool.ntp.org
    - 1.debian.pool.ntp.org
    - 2.debian.pool.ntp.org
    - 3.debian.pool.ntp.org
  • ntp.servers: Define your NTP server list.

1.19. ossbss

The following is the ossbss section:

ossbss:
  apache:
    port: 2443
    proxyluport: 1080
    restapi:
      sslcertfile: '/etc/ngcp-panel/api_ssl/api_ca.crt'
      sslcertkeyfile: '/etc/ngcp-panel/api_ssl/api_ca.key'
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  frontend: 'no'
  htpasswd:
    -
      pass: '{SHA}w4zj3mxbmynIQ1jsUEjSkN2z2pk='
      user: ngcpsoap
  logging:
    apache:
      acc:
        facility: daemon
        identity: oss
        level: info
      err:
        facility: local7
        level: info
    ossbss:
      facility: local0
      identity: provisioning
      level: DEBUG
    web:
      facility: local0
      level: DEBUG
  provisioning:
    allow_ip_as_domain: 1
    allow_numeric_usernames: 0
    auto_allow_cli: 1
    carrier:
      account_distribution_function: roundrobin
      prov_distribution_function: roundrobin
    credit_warnings:
      -
        domain: example.com
        recipients:
          - nobody@example.com
        threshold: 1000
    faxpw_min_char: 0
    log_passwords: 0
    no_logline_truncate: 0
    pw_min_char: 6
    routing:
      ac_regex: '[1-9]\d{0,4}'
      cc_regex: '[1-9]\d{0,3}'
      sn_regex: '[1-9]\d+'
    tmpdir: '/tmp'
  • ossbss.frontend: Enable disable SOAP interface. Set value to fcgi to enable old SOAP interface.
  • ossbss.htpasswd: Sets the username and SHA hashed password for SOAP access. You can generate the password using the following command: htpasswd -nbs myuser mypassword.
  • ossbss.provisioning.allow_ip_as_domain: Allow or not allow IP address as SIP domain (0 is not allowed).
  • ossbss.provisioning.allow_numeric_usernames: Allow or not allow numeric SIP username (0 is not allowed).
  • ossbss.provisioning.faxpw_min_char: Minimum number of characters for fax passwords.
  • ossbss.provisioning.pw_min_char: Minimum number of characters for sip passwords.
  • ossbss.provisioning.log_password: Enable logging of passwords.
  • ossbss.provisioning.routing: Regexp for allowed AC (Area Code), CC (Country Code) and SN (Subscriber Number).

1.20. pbx (only with additional cloud PBX module installed)

The following is the PBX section:

pbx:
  bindport: 5085
  enable: 'no'
  highport: 55000
  lowport: 50001
  media_processor_threads: 10
  session_processor_threads: 10
  xmlrpcport: 8095
  • pbx.enable: Enable Cloud PBX module.

1.21. prosody

The following is the prosody section:

prosody:
  ctrl_port: 5582
  log_level: info
  • prosody.ctrl_port: XMPP server control port.
  • prosody.log_level: Prosody loglevel.

1.22. pushd

The following is the pushd section:

pushd:
  apns:
    certificate: '/etc/ngcp-config/ssl/PushChatCert.pem'
    enable: yes
    endpoint: gateway.push.apple.com
    feedback_endpoint: feedback.push.apple.com
    feedback_interval: 3600
    key: '/etc/ngcp-config/ssl/PushChatKey.pem'
    socket_timeout: 0
  enable: yes
  gcm:
    enable: yes
    key: 'google_api_key_here'
    priority:
      call: high
      groupchat: normal
      invite: normal
      message: normal
  one_device_per_subscriber: no
  port: 45060
  processes: 4
  ssl: yes
  sslcertfile: /etc/ngcp-config/ssl/CAsigned.crt
  sslcertkeyfile: /etc/ngcp-config/ssl/CAsigned.key
  unique_device_ids: no
  • pushd.enable: Enable/Disable the Push Notification feature.
  • pushd.apns.certificate: Specify the Apple certificate for push notification https requests from the NGCP to an endpoint.
  • pushd.apns.enable: Enable/Disable Apple push notification.
  • pushd.apns.key: Specify the Apple key for push notification https requests from the NGCP to an endpoint.
  • pushd.gcm.enable: Enable/Disable Google push notification.
  • pushd.gcm.key: Specify the Google key for push notification https requests from the NGCP to an endpoint.
  • pushd.ssl: The security protocol the NGCP uses for https requests from the app in the push notification process.
  • pushd.sslcertfile: The trusted certificate file purchased from a CA
  • pushd.sslcertkeyfile: The key file that purchased from a CA
  • pushd.unique_device_ids: Allows a subscriber to register the app and have the push notification enabled on more than one mobile device.

1.23. qos

The following is the QOS section:

qos:
  tos_rtp: 184
  tos_sip: 184
  • qos.tos_rtp: TOS value for RTP traffic.
  • qos.tos_sip: TOS value for SIP traffic.

1.24. rate-o-mat

The following is the rate-o-mat section:

rateomat:
  enable: 'yes'
  loopinterval: 10
  splitpeakparts: 0
  • rateomat.enable: Enable/Disable Rate-o-mat
  • rateomat.loopinterval: How long we shall sleep before looking for unrated CDRs again.
  • rateomat.splitpeakparts: Whether we should split CDRs on peaktime borders.

1.25. redis

The following is the redis section:

redis:
  database_amount: 16
  port: 6379
  syslog_ident: redis
  • redis.database_amout: Set the number of databases in redis. The default database is DB 0.
  • redis.port: Accept connections on the specified port, default is 6379
  • redis.syslog_ident: Specify the syslog identity.

1.26. reminder

The following is the reminder section:

reminder:
  retries: 2
  retry_time: 60
  sip_fromdomain: voicebox.sipwise.local
  sip_fromuser: reminder
  wait_time: 30
  weekdays: '2, 3, 4, 5, 6, 7'
  • reminder.retries: How many times the reminder feature have to try to call you.
  • reminder.retry_time: Seconds between retries.
  • reminder.wait_time: Seconds to wait for an answer.

1.27. rsyslog

The following is the rsyslog section:

rsyslog:
  elasticsearch:
    action:
      resumeretrycount: '-1'
    bulkmode: 'on'
    dynSearchIndex: 'on'
    enable: 'yes'
    queue:
      dequeuebatchsize: 300
      size: 5000
      type: linkedlist
  external_address:
  external_log: 0
  external_loglevel: warning
  external_port: 514
  external_proto: udp
  ngcp_logs_preserve_days: 93
  • rsyslog.elasticsearch.enable: Enable/Disable Elasticsearch web interface
  • rsyslog.external_address: Set the remote rsyslog server.
  • rsyslog.ngcp_logs_preserve_days: Specify how many days to preserve old rotated log files in /var/log/ngcp/old path.

1.28. rtpproxy

The following is the rtp proxy section:

rtpproxy:
  allow_userspace_only: yes
  enabled: yes
  log_level: '6'
  maxport: '40000'
  minport: '30000'
  prefer_bind_on_internal: no
  recording:
    enabled: no
    mp3_bitrate: '48000'
    nfs_host: 192.168.1.1
    nfs_remote_path: /var/recordings
    output_dir: /var/lib/rtpengine-recording
    output_format: wav
    output_mixed: yes
    output_single: yes
    resample: no
    resample_to: '16000'
    spool_dir: /var/spool/rtpengine
  rtp_timeout: '60'
  rtp_timeout_onhold: '3600'
  • rtpproxy.allow_userspace_only: Enable/Disable the user space failover for rtpengine (yes means enable). By default rtpengine works in kernel space.
  • rtpproxy.log_level: Verbosity of log messages. The default 6 logs everything except debug messages. Increase to 7 to log everything, or decrease to make logging more quiet.
  • rtpproxy.maxport: Maximum port used by rtpengine for RTP traffic.
  • rtpproxy.minport: Minimum port used by rtpengine for RTP traffic.
  • rtpproxy.recording.enabled: Enable support for call recording.
  • rtpproxy.recording.mp3_bitrate: If saving audio as MP3, bitrate of the output file.
  • rtpproxy.recording.nfs_host: Mount an NFS share from this host for storage.
  • rtpproxy.recording.nfs_remote_path: Remote path of the NFS share to mount.
  • rtpproxy.recording.output_dir: Local mount point for the NFS share.
  • rtpproxy.recording.output_format: Either wav for PCM output or mp3.
  • rtpproxy.recording.output_mixed: Create output audio files with all contributing audio streams mixed together.
  • rtpproxy.recording.output_single: Create separate audio files for each contributing audio stream.
  • rtpproxy.recording.resample: Resample all audio to a fixed bitrate (yes or no).
  • rtpproxy.recording.resample_to: If resampling is enabled, resample to this sample rate.
  • rtpproxy.recording.spool_dir: Local directory for temporary metadata file storage.
  • rtpproxy.rtp_timeout: Consider a call dead if no RTP is received for this long (60 seconds).
  • rtpproxy.rtp_timeout_onhold: Maximum limit in seconds for an onhold (1h).

1.29. security

The following is the security section. Usage of the firewall subsection is described in Section 14.2, “Firewalling”:

security:
  firewall:
    enable: no
    logging:
      days_kept: '7'
      enable: yes
      file: /var/log/firewall.log
      tag: NGCPFW
    nat_rules4: ~
    nat_rules6: ~
    policies:
      forward: DROP
      input: DROP
      output: ACCEPT
    rules4: ~
    rules6: ~
  • security.firewall.enable: Enable/disable iptables configuration and rule generation for IPv4 and IPv6 (default: no)
  • security.firewall.logging.days_kept: Number of days logfiles are kept on the system before being deleted (log files are rotated daily, default: 7)
  • security.firewall.logging.enable: Enables/disables logging of all packets dropped by the NGCP firewall (default: yes)
  • security.firewall.logging.file: File firewall log messages go to (default: /var/log/firewall.log)
  • security.firewall.logging.tag: String prepended to all log messages (internally DROP is added to any tag indicating the action triggering the message, default: NGCPFW)
  • security.firewall.nat_rules4: Optional list of IPv4 firewall rules added to table nat using iptables-persistent syntax (default: undef)
  • security.firewall.nat_rules6: Optional list of IPv6 firewall rules added to table nat using iptables-persistent syntax (default: undef)
  • security.firewall.policies.forward: Default policy for iptables FORWARD chain (default: DROP)
  • security.firewall.policies.input: Default policy for iptables INPUT chain (default: DROP)
  • security.firewall.policies.output: Default policy for iptables OUTPUT chain (default: ACCEPT)
  • security.firewall.rules4: Optional list of IPv4 firewall rules added to table filter using iptables-persistent syntax (default: undef)
  • security.firewall.rules6: Optional list of IPv6 firewall rules added to table filter using iptables-persistent syntax (default: undef)

1.30. sems

The following is the SEMS section:

sems:
  bindport: 5080
  conference:
    enable: 'yes'
    max_participants: 10
  debug: 'no'
  highport: 50000
  lowport: 40001
  media_processor_threads: 10
  prepaid:
    enable: 'yes'
  sbc:
    calltimer_enable: 'yes'
    calltimer_max: 3600
    outbound_timeout: 6000
    sdp_filter:
      codecs: PCMA,PCMU,telephone-event
      enable: 'yes'
      mode: whitelist
    session_timer:
      enable: 'yes'
      max_timer: 7200
      min_timer: 90
      session_expires: 300
  session_processor_threads: 10
  vsc:
    block_override_code: 80
    cfb_code: 90
    cfna_code: 93
    cft_code: 92
    cfu_code: 72
    clir_code: 31
    directed_pickup_code: 99
    enable: 'yes'
    park_code: 97
    reminder_code: 55
    speedial_code: 50
    unpark_code: 98
    voicemail_number: 2000
  xmlrpcport: 8090
  • sems.conference.enable: Enable/Disable conference feature.
  • sems.conference.max_participants: Sets the number of concurrent participant.
  • sems.highport: Maximum ports used by sems for RTP traffic.
  • sems.debug: Enable/Disable debug mode.
  • sems.lowport: Minimum ports used by sems for RTP traffic.
  • sems.prepaid.enable: Enable/Disable prepaid feature.
  • sems.sbc.calltimer_max: Sets the maximum call duration for inter-domain calls.
  • sems.sbc.outbound_timeout:: Sets the maximum call duration for outboud calls.
  • sems.sbc.session_timer.enable: Enable/Disable session timers (deprecated, use the web interface configuration).
  • sems.vsc.*: Define here the VSC codes.

1.31. snmpagent

The following is the SNMP Agent section:

snmpagent:
  daemonize: '1'
  debug: '0'
  update_interval: '30'
  • daemonize: Enable/Disable ngcp-snmp-agent daemonization.
  • debug: Enable/Disable debug output.
  • update_interval: Sets the interval in seconds used to update the fetched data.

1.32. sshd

The following is the sshd section:

sshd:
  listen_addresses:
    - 0.0.0.0
  • sshd: specify interface where SSHD should run on. By default sshd listens on all IPs found in network.yml with type ssh_ext. Unfortunately sshd can be limited to IPs only and not to interfaces. The current option makes it possible to specify allowed IPs (or all IPs with 0.0.0.0).

1.33. voisniff

The following is the voice sniffer section:

voisniff:
  admin_panel: 'no'
  daemon:
    bpf: 'port 5060 or 5062 or ip6 proto 44 or ip[6:2] & 0x1fff != 0'
    external_interfaces: 'eth0 eth1'
    filter:
      exclude:
        -
          active: 0
          case_insensitive: 1
          pattern: '\ncseq: *\d+ +(register|notify|options)'
      include: []
    internal_interfaces: lo
    mysql_dump_threads: 4
    start: 'no'
    threads_per_interface: 10
  partitions:
    increment: 700000
    keep: 10
  • voisniff.admin_panel: Enable/Disable SIP STATS on Admin interface. Default is no.
  • voisniff.deamon.external_interfaces: Define binding interfaces.
  • voisniff.deamon.start: Change to yes if you want voisniff start at boot. Default is no.

1.34. www_admin

The following is the WEB Admin interface (www_admin) section:

www_admin:
  ac_dial_prefix: 0
  apache:
    autoprov_port: 1444
  billing_features: 1
  callingcard_features: 0
  callthru_features: 0
  cc_dial_prefix: 00
  conference_features: 1
  contactmail: adjust@example.org
  dashboard:
    enabled: 1
  default_admin_settings:
    call_data: 0
    is_active: 1
    is_master: 0
    read_only: 0
    show_passwords: 1
  domain:
    preference_features: 1
    rewrite_features: 1
    vsc_features: 0
  fastcgi_workers: 2
  fax_features: 1
  fees_csv:
    element_order:
      - source
      - destination
      - direction
      - zone
      - zone_detail
      - onpeak_init_rate
      - onpeak_init_interval
      - onpeak_follow_rate
      - onpeak_follow_interval
      - offpeak_init_rate
      - offpeak_init_interval
      - offpeak_follow_rate
      - offpeak_follow_interval
      - use_free_time
  http_admin:
    autoprov_port: 1444
    port: 1443
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  http_csc:
    autoprov_bootstrap_port: 1445
    autoprov_port: 1444
    port: 443
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  logging:
    apache:
      acc:
        facility: daemon
        identity: oss
        level: info
      err:
        facility: local7
        level: info
  peer:
    preference_features: 1
  peering_features: 1
  security:
    password_allow_recovery: 0
    password_max_length: 40
    password_min_length: 6
    password_musthave_digit: 0
    password_musthave_lowercase: 1
    password_musthave_specialchar: 0
    password_musthave_uppercase: 0
    password_sip_autogenerate: 0
    password_sip_expose_subadmin: 1
    password_web_autogenerate: 0
    password_web_expose_subadmin: 1
  speed_dial_vsc_presets:
    vsc:
      - '*0'
      - '*1'
      - '*2'
      - '*3'
      - '*4'
      - '*5'
      - '*6'
      - '*7'
      - '*8'
      - '*9'
  subscriber:
    auto_allow_cli: 0
    extension_features: 0
  voicemail_features: 1
  • www_admin.http_admin.*: Define the Administration interface and certificates.
  • www_admin.http_csc.*: Define the Customers interface and certificates.
  • www_admin.contactmail: Email to show in the GUI’s Error page.