Navigation


source: freeDiameter/doc/freediameter.conf.sample @ 1400:1409e693fa0f

Last change on this file since 1400:1409e693fa0f was 1400:1409e693fa0f, checked in by Thomas Klausner <tk@giga.or.at>, 11 months ago

Document IncomingQueueLimit?, OutgoingQueueLimit?, and LocalQueueLimit?

File size: 11.7 KB
Line 
1# This is a sample configuration file for freeDiameter daemon.
2
3# Most of the options can be omitted, as they default to reasonable values.
4# Only TLS-related options must be configured properly in usual setups.
5
6# It is possible to use "include" keyword to import additional files
7# e.g.: include "/etc/freeDiameter.d/*.conf"
8# This is exactly equivalent as copy & paste the content of the included file(s)
9# where the "include" keyword is found.
10
11
12##############################################################
13##  Peer identity and realm
14
15# The Diameter Identity of this daemon.
16# This must be a valid FQDN that resolves to the local host.
17# Default: hostname's FQDN
18#Identity = "aaa.koganei.freediameter.net";
19
20# The Diameter Realm of this daemon.
21# Default: the domain part of Identity (after the first dot).
22#Realm = "koganei.freediameter.net";
23
24##############################################################
25##  Transport protocol configuration
26
27# The port this peer is listening on for incoming connections (TCP and SCTP).
28# Default: 3868. Use 0 to disable.
29#Port = 3868;
30
31# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP).
32# See TLS_old_method for more information about TLS flavours.
33# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter.
34# Default: 5868. Use 0 to disable.
35#SecPort = 5868;
36
37# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed
38# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the
39# CER/CEA exchange on a dedicated secure port.
40# This parameter only affects outgoing connections.
41# The setting can be also defined per-peer (see Peers configuration section).
42# Default: use RFC6733 method with separate port for TLS.
43#TLS_old_method;
44
45# Disable use of TCP protocol (only listen and connect over SCTP)
46# Default : TCP enabled
47#No_TCP;
48
49# Disable use of SCTP protocol (only listen and connect over TCP)
50# Default : SCTP enabled
51#No_SCTP;
52# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
53
54# Prefer TCP instead of SCTP for establishing new connections.
55# This setting may be overwritten per peer in peer configuration blocs.
56# Default : SCTP is attempted first.
57#Prefer_TCP;
58
59# Default number of streams per SCTP associations.
60# This setting may be overwritten per peer basis.
61# Default : 30 streams
62#SCTP_streams = 30;
63
64##############################################################
65##  Endpoint configuration
66
67# Disable use of IP addresses (only IPv6)
68# Default : IP enabled
69#No_IP;
70
71# Disable use of IPv6 addresses (only IP)
72# Default : IPv6 enabled
73#No_IPv6;
74
75# Specify local addresses the server must bind to
76# Default : listen on all addresses available.
77#ListenOn = "202.249.37.5";
78#ListenOn = "2001:200:903:2::202:1";
79#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
80
81
82##############################################################
83##  Server configuration
84
85# How many Diameter peers are allowed to be connecting at the same time ?
86# This parameter limits the number of incoming connections from the time
87# the connection is accepted until the first CER is received.
88# Default: 5 unidentified clients in paralel.
89#ThreadsPerServer = 5;
90
91# If this host is used as relay or proxy, it can be useful to limit
92# connections from "outside" until enough processing nodes are available.
93# This parameter defines a regex pattern for recognizing such nodes;
94# Default: NO DEFAULT
95#ProcessingPeersPattern = "worker[0-9]*.example.com";
96
97# This next parameter defines how many of these processing peers
98# must be connected before CERs from other hosts are accepted.
99# If this is set, ProcessingPeersPattern must also be defined.
100# If unset or less than 1, ProcessingPeersPattern and this variable do nothing.
101# Default: 0
102#ProcessingPeersMinimum = 0;
103
104##############################################################
105##  TLS Configuration
106
107# TLS is managed by the GNUTLS library in the freeDiameter daemon.
108# You may find more information about parameters and special behaviors
109# in the relevant documentation.
110# http://www.gnu.org/software/gnutls/manual/
111
112# Credentials of the local peer
113# The X509 certificate and private key file to use for the local peer.
114# The files must contain PKCS-1 encoded RSA key, in PEM format.
115# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
116# Default : NO DEFAULT
117#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
118TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
119
120# Certificate authority / trust anchors
121# The file containing the list of trusted Certificate Authorities (PEM list)
122# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
123# The directive can appear several times to specify several files.
124# Default : GNUTLS default behavior
125#TLS_CA = "<file.PEM>";
126
127# Certificate Revocation List file
128# The information about revoked certificates.
129# The file contains a list of trusted CRLs in PEM format. They should have been verified before.
130# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
131# Note: openssl CRL format might have interoperability issue with GNUTLS format.
132# Default : GNUTLS default behavior
133#TLS_CRL = "<file.PEM>";
134
135# GNU TLS Priority string
136# This string allows to configure the behavior of GNUTLS key exchanges
137# algorithms. See gnutls_priority_init function documentation for information.
138# You should also refer to the Diameter required TLS support here:
139#   http://tools.ietf.org/html/rfc6733#section-13.1
140# Default : "NORMAL"
141# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
142#TLS_Prio = "NORMAL";
143
144# Diffie-Hellman parameters size
145# Set the number of bits for generated DH parameters
146# Valid value should be 768, 1024, 2048, 3072 or 4096.
147# (This parameter is passed to gnutls_dh_params_generate2 function,
148# it usually should match RSA key size)
149# Default : 1024
150#TLS_DH_Bits = 1024;
151
152# Alternatively, you can specify a file to load the PKCS#3 encoded
153# DH parameters directly from. This accelerates the daemon start
154# but is slightly less secure. If this file is provided, the
155# TLS_DH_Bits parameters has no effect.
156# Default : no default.
157#TLS_DH_File = "<file.PEM>";
158
159
160##############################################################
161##  Timers configuration
162
163# The Tc timer of this peer.
164# It is the delay before a new attempt is made to reconnect a disconnected peer.
165# The value is expressed in seconds. The recommended value is 30 seconds.
166# Default: 30
167#TcTimer = 30;
168
169# The Tw timer of this peer.
170# It is the delay before a watchdog message is sent, as described in RFC 3539.
171# The value is expressed in seconds. The default value is 30 seconds. Value must
172# be greater or equal to 6 seconds. See details in the RFC.
173# Default: 30
174#TwTimer = 30;
175
176##############################################################
177##  Applications configuration
178
179# Disable the relaying of Diameter messages?
180# For messages not handled locally, the default behavior is to forward the
181# message to another peer if any is available, according to the routing
182# algorithms. In addition the "0xffffff" application is advertised in CER/CEA
183# exchanges.
184# Default: Relaying is enabled.
185#NoRelay;
186
187# Number of server threads that can handle incoming messages at the same time.
188# Default: 4
189#AppServThreads = 4;
190
191# Number of server threads that can handle incoming message routing at the same time.
192# Default: 1
193#RoutingInThreads = 1;
194
195# Number of server threads that can handle outgoing message routing at the same time.
196# Default: 1
197#RoutingOutThreads= 1;
198
199# Maximum size of the incoming queue (messages queued after accepting
200# them from the network) before blocking
201# Default: 20
202#IncomingQueueLimit = 20;
203
204# Maximum size of the outgoing queue (messages queued for sending to
205# the network) before blocking
206# Default: 30
207#OutgoingQueueLimit = 30;
208
209# Maximum size of the local queue (messages queued for local handling)
210# before blocking
211# Default: 25
212#LocalQueueLimit = 25;
213
214# Other applications are configured by loaded extensions.
215
216##############################################################
217##  Extensions configuration
218
219#  The freeDiameter framework merely provides support for
220# Diameter Base Protocol. The specific application behaviors,
221# as well as advanced functions, are provided
222# by loadable extensions (plug-ins).
223#  These extensions may in addition receive the name of a
224# configuration file, the format of which is extension-specific.
225#
226# Format:
227#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
228#
229# Examples:
230#LoadExtension = "extensions/sample.fdx";
231#LoadExtension = "extensions/sample.fdx":"conf/sample.conf";
232
233# Extensions are named as follow:
234# dict_* for extensions that add content to the dictionary definitions.
235# dbg_*  for extensions useful only to retrieve more information on the framework execution.
236# acl_*  : Access control list, to control which peers are allowed to connect.
237# rt_*   : routing extensions that impact how messages are forwarded to other peers.
238# app_*  : applications, these extensions usually register callbacks to handle specific messages.
239# test_* : dummy extensions that are useful only in testing environments.
240
241
242# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some
243# information about some events. This extension does not actually use a configuration file
244# but receives directly a parameter in the string passed to the extension. Here are some examples:
245## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors.
246## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details.
247## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages.
248# The four digits respectively control: connections, routing decisions, sent/received messages, errors.
249# The values for each digit are:
250#  0 - default - keep the default behavior
251#  1 - quiet   - remove any specific log
252#  2 - compact - display only a summary of the information
253#  4 - full    - display the complete information on a single long line
254#  8 - tree    - display the complete information in an easier to read format spanning several lines.
255
256
257##############################################################
258##  Peers configuration
259
260#  The local server listens for incoming connections. By default,
261# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
262#
263#  In addition to incoming connections, the local peer can
264# be configured to establish and maintain connections to some
265# Diameter nodes and allow connections from these nodes.
266#  This is achieved with the ConnectPeer directive described below.
267#
268# Note that the configured Diameter Identity MUST match
269# the information received inside CEA, or the connection will be aborted.
270#
271# Format:
272#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
273# Parameters that can be specified in the peer's parameter list:
274#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
275#  No_TLS;       # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
276#  Port = 5868;  # The port to connect to
277#  TcTimer = 30;
278#  TwTimer = 30;
279#  ConnectTo = "202.249.37.5";
280#  ConnectTo = "2001:200:903:2::202:1";
281#  TLS_Prio = "NORMAL";
282#  Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
283# Examples:
284#ConnectPeer = "aaa.wide.ad.jp";
285#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
286
287
288##############################################################
289## General settings
290
291# If Route-Record AVPs should be added in Answers.
292# Possible values: Always, Never
293# Default: Always
294#RouteRecordInAnswers = Never;
295
Note: See TracBrowser for help on using the repository browser.