I. Download the dependency libraries (optional)
yum install -y make automake gcc cc gcc-c++ wget
yum install -y openssl-devel libevent libevent-devel mysql-devel mysql-server
wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar xvfz libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable && ./configure
make && make install && cd ..
II. Download and install turnserver (choose a suitable version on the http://turnserver.open-sys.org/downloads/ page; 3.2.3.95 is downloaded here)
wget http://turnserver.open-sys.org/downloads/v3.2.3.95/turnserver-3.2.3.95.tar.gz
tar -xvzf turnserver-3.2.3.95.tar.gz
cd turnserver-3.2.3.95
./configure
make && make install
III. Create the configuration files
cp /usr/local/etc/turnserver.conf.default /etc/turnserver.conf
cp /usr/local/etc/turnuserdb.conf.default /etc/turnuserdb.conf (optional)
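IV. Edit the configuration in turnserver.conf
external-ip=54.95.37.26/172.31.43.68 (the former is the server's public IP, the latter its private IP)
fingerprint (enable fingerprints)
lt-cred-mech (enable the long-term credential mechanism)
user=testuser:123456 (set a test username and password)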
V. Open the ports
3478 (TCP, UDP), 5349 (TCP, UDP), 49152-65535 (UDP)
VI. Start turnserver
turnserver -v -r foo.org -c /etc/turnserver.conf (the -f parameter is required)
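VII. Testing
1. Test with the official sample page: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
After "add server", click "gather candidates". If the test with this tool does not succeed or
2. Candidate types:
host: the address and port of a physical or logical network interface on the local machine
srflx: the address and port allocated on the NAT when the endpoint's Binding request to the STUN/TURN server passes through the NAT
prflx: the address and port allocated on the NAT when the endpoint's Binding request to the peer passes through the NAT
relay: the address and port the TURN server uses for relaying, allocated when the endpoint sends an Allocate request to the TURN server
3. Code test (HTML page): open the developer tools; if the console prints "The TURN server is reachable !" and "is TURN server active? yes", the server is working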
<html>
<head>
    <title>ICE test</title>
</head>
<body>
<label for="serverAddress"></label>
<input id="serverAddress" value="turn:127.0.0.1:13902"/>
<br/>
<label for="username"></label><input id="username" value="foo"/>
<br/>
<label for="password"></label><input id="password" value="bar"/>
<br/>
<button onclick="window.test()">Test</button>
<script>
    // Resolves to true if a relay candidate is gathered through turnConfig
    // before the timeout (default 5000 ms), otherwise to false.
    function checkTURNServer(turnConfig, timeout) {
        return new Promise(function (resolve, reject) {
            let promiseResolved = false;
            setTimeout(function () {
                if (promiseResolved) return;
                resolve(false);
                promiseResolved = true;
            }, timeout || 5000);
            let myPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection //compatibility for firefox and chrome
                , pc = new myPeerConnection({iceServers: [turnConfig]});
            pc.createDataChannel(""); //create a bogus data channel
            pc.createOffer({}).then((offer) => {
                if (offer.sdp.indexOf('typ relay') > -1) { // sometimes sdp contains the ice candidates...
                    promiseResolved = true;
                    resolve(true);
                }
                return pc.setLocalDescription(offer);
            }).catch(reject); // surface offer/description errors to the caller
            pc.onicecandidate = function (ice) { //listen for candidate events
                if (promiseResolved || !ice || !ice.candidate
                    || !ice.candidate.candidate
                    || !(ice.candidate.candidate.indexOf('typ relay') > -1)) return;
                console.log("ice candidate=", ice.candidate);
                // If a relay candidate was found, notify that the TURN server works!
                if (ice.candidate.type === "relay") {
                    console.log("The TURN server is reachable !");
                }
                promiseResolved = true;
                resolve(true);
            };
        });
    }
    window.test = () => {
        let serverAddress = document.getElementById("serverAddress").value;
        let username = document.getElementById("username").value;
        let password = document.getElementById("password").value;
        // The password is not written to the console log.
        console.log("Trigger ice test. Server address=", serverAddress,
            ", username=", username);
        checkTURNServer({
            urls: serverAddress,
            username: username,
            credential: password
        }).then(function (bool) {
            console.log('is TURN server active? ', bool ? 'yes' : 'no');
        }).catch(console.error.bind(console));
    }
</script>
</body>
</html>
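4. Open http://<your own public IP>:3478/; if it outputs "TURN Server", the server is working
5. Command-line test: turnutils_uclient -v -u testuser -w 123456 54.249.95.226 (public IP)
If the turnserver terminal shows output similar to the following, the test succeeded: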
830: handle_udp_packet: New UDP endpoint: local addr 172.31.33.19:3478, remote addr 54.249.95.226:37748
830: session 003000000000000001: user <>: incoming packet message processed, error 401: Unauthorised
830: IPv4. Local relay addr: 172.31.33.19:55550
830: IPv4. Local reserved relay addr: 172.31.33.19:55551
830: session 003000000000000001: new, username=<testuser>, lifetime=800
830: session 003000000000000001: user <testuser>: incoming packet ALLOCATE processed, success
830: session 003000000000000001: refreshed, username=<testuser>, lifetime=600
830: session 003000000000000001: user <testuser>: incoming packet REFRESH processed, success
830: handle_udp_packet: New UDP endpoint: local addr 172.31.33.19:3478, remote addr 54.249.95.226:33309
830: session 003000000000000002: user <>: incoming packet message processed, error 401: Unauthorised
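VIII. To use it from the signal service, the related configuration also has to be changed
external-ip=54.249.95.226/172.31.43.68 (the former is the server's public IP, the latter its private IP)
fingerprint (enable fingerprints)
lt-cred-mech (enable the long-term credential mechanism)
use-auth-secret (enable secret-based authorization)
static-auth-secret=12345 (sets the secret; it must match the turnserver secret in the signal service's configuration file, should preferably be complex, and must not be followed by a trailing space)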
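Added example (not part of the original article and not coturn's or the signal service's own code): with use-auth-secret, the client's username has the form <unix expiry time>:<user id> and its password is base64(HMAC-SHA1(static-auth-secret, username)). The Python below shows how a signal service can issue such a time-limited credential and why a trailing space in the secret makes authentication fail; the function names, the user id "alice" and the server_accepts model of the server-side check are assumptions, while the secret and address are the sample values from this page.

```python
import base64
import hashlib
import hmac
import time

TURN_URL = "turn:54.249.95.226:3478"  # sample public IP and port from this page


def turn_password(secret, username):
    """base64(HMAC-SHA1(secret, username)): the password for a REST-style TURN username."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def issue_credentials(secret, user_id, ttl=3600, now=None):
    """Signal-service side (hypothetical helper): build the iceServers entry for one client."""
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{user_id}"  # "<unix expiry>:<user id>"
    return {"urls": TURN_URL, "username": username,
            "credential": turn_password(secret, username)}


def server_accepts(secret, username, credential, now=None):
    """Model of the server-side check (an assumption, not coturn source code)."""
    now = int(time.time() if now is None else now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not start with a timestamp
    if expiry < now:
        return False  # credential has expired
    expected = turn_password(secret, username)
    return hmac.compare_digest(expected.encode(), credential.encode())


if __name__ == "__main__":
    cred = issue_credentials("12345", "alice", ttl=600)  # "12345" is the page's sample secret
    print(cred)
    print("accepted:", server_accepts("12345", cred["username"], cred["credential"]))
    # A trailing space in static-auth-secret changes the HMAC key, so the same credential fails.
    print("secret with trailing space:",
          server_accepts("12345 ", cred["username"], cred["credential"]))
```

The dictionary returned by issue_credentials has the same urls/username/credential fields that the HTML test page in section VII passes to checkTURNServer.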
IX. Run turnserver as a daemon
turnserver -v -r foo.org -c /etc/turnserver.conf -o
# To run it in the background, use the line below instead
# nohup turnserver -c /etc/turnserver.conf &
X. Configure start at boot
1. Create the file turnserver.service with the following content:
[Unit]
Description=turnserver for webrtc
After=network.target
[Service]
Type=forking
User=tester
Group=tester
ExecStart=/home/tester/coturn/coturn/bin/turnserver -o -a -f --user=test:123456 -r Hangzhou
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
2. Copy the file: cp turnserver.service /lib/systemd/system/
3. Reload: systemctl daemon-reload
4. Check that it was loaded: systemctl list-unit-files --type=service | grep turn; a normal result shows the turnserver entry:
turnserver.service disabled
5. Run: systemctl start turnserver.service
6. Check the status: systemctl status turnserver.service