Turnserver服务器搭建

729次阅读
没有评论

Turnserver服务器搭建
TURN Server是VoIP媒体流量NAT穿越服务器和网关。它也可以用作通用网络流量TURN服务器和网关。在使用WebRTC++进行即时通讯时,需要使浏览器进行P2P通讯,但是由于NAT环境的复杂性,并不是所有情况下都能进行P2P,这时需要TURN Server来帮助客户端之间转发数据。

安装相关依赖
yum install -y make gcc cc gcc-c++ wget openssl-devel libevent libevent-devel

下载可以编译的源码包
这里我们下载最新的4.5.0.8
官方下载地址
wget https://coturn.net/turnserver/v4.5.0.8/turnserver-4.5.0.8.tar.gz

解压并进入目录
tar -zxvf turnserver-4.5.0.8.tar.gz
cd turnserver-4.5.0.8/

编译安装
./configure –prefix=/usr/local/turnserver # 指定安装的目录
make && make install

设置环境变量
编辑root目录下.bashrc文件

vim ~/.bashrc

插入一下内容
export turnserver_home=/usr/local/turnserver
export PATH=$PATH:$turnserver_home/bin

编辑配置文件
先找到配置文件位置

find /usr -name turnserver.conf

例:返回/usr/local/turnserver/share/examples/turnserver/etc/turnserver.conf
编辑配置文件

vim /usr/local/turnserver/share/examples/turnserver/etc/turnserver.conf

在配置文件末尾加入一下内容

listening-port=3478 # 监听的端口
listening-ip=x.x.x.x # 监听的内网IP
external-ip=x.x.x.x # 监听的外网IP

如果coturn使用了SQLlite作为存储 需要配置成功后生成用户名/密码

user=user:123456 # 设置账号密码

证书生成过程
安装openssl

yum install openssl

cert和pkey配置的自签名证书用Openssl命令生成:

openssl req -x509 -newkey rsa:2048 -keyout /usr/local/etc/turn_server_pkey.pem -out /usr/local/etc/turn_server_cert.pem -days 99999 -nodes

指定配置文件启动服务
turnserver -v -r user -a -o -c /usr/local/turnserver/share/examples/turnserver/etc/turnserver.conf

初次运行请使用非后台启动,会显示当前运行状态,如果有错误会直接显示在控制台上.

0: log file opened: /var/log/turn_21737_2021-08-17.log
0: Listener address to use: 172.31.10.177
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.8 ‘dan Eider’
0:
Max number of open files/sockets allowed for this process: 65535
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 32500 (approximately)
0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2k-fips 26 Jan 2017 (0x100020bf)
0:
0: SQLite supported, default database location is /usr/local/turnserver/var/db/turndb
0: Redis is not supported
0: PostgreSQL supported
0: MySQL is not supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Domain name:
0: Default realm: user
0: Config file found: /usr/local/etc/turn_server_cert.pem
0: Config file found: /usr/local/etc/turn_server_pkey.pem
0: SSL23: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: SSL23: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.0: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.1: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: DTLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: DTLS cipher suite: DEFAULT

验证监听
netstat -tunlp|grep 3478

注意事项
如果coturn使用了SQLlite作为存储 需要配置成功后生成用户名/密码 配置成功后生成用户名/密码
turnadmin -k -u -r -p //turnadmin -k -a -u user -r user -p 123456

coturn使用了SQLlite作为存储路径
SQLite supported, default database location is /usr/local/turnserver/var/db/turndb

coturn运行日志
/var/log/turn_21737_2021-08-17.log

如果使用的是阿里云或腾讯云的服务器,要开发对应端口的访问,关闭对应端口的防火墙
部分字段含义
listening-port: turnserver监听UDP/TCP端口,默认为3478;
tls-listening-port: turnserver监听TLS/DTLS端口,默认为5349,
将TCP/UDP和TLS/DTLS分别定义监听端口是符合RFC5766规范的,但是通过配置两者能使用同一端口,不推荐;
Listening-ip: 中继服务器的监听IP地址,可以配置多个;
relay-ip: 中继服务器的IP地址;
External-ip: 外部IP,当中继服务器在NAT网络内部时指定,此处可以不添加;
server-name: 服务器名称,用于OAuth认证,默认和realm相同;
realm: 域名;
Userdb: 用于保存用户信息;
cert/pkey: 自签名证书相关;

正文完
可以使用微信扫码关注公众号(ID:xzluomor)
post-qrcode
 
评论(没有评论)