I. Install the dependency libraries (optional)
yum install -y make automake gcc cc gcc-c++ wget
yum install -y openssl-devel libevent libevent-devel mysql-devel mysql-server
wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar xvfz libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable && ./configure
make && make install && cd ..
II. Download and install turnserver (choose a suitable version from http://turnserver.open-sys.org/downloads/; 3.2.3.95 is used here)
wget http://turnserver.open-sys.org/downloads/v3.2.3.95/turnserver-3.2.3.95.tar.gz
tar -xvzf turnserver-3.2.3.95.tar.gz
cd turnserver-3.2.3.95
./configure
make && make install
III. Create the configuration files
cp /usr/local/etc/turnserver.conf.default /etc/turnserver.conf
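cp /usr/local/etc/turnuserdb.conf.default /etc/turnuserdb.conf (optional)
IV. Edit the configuration file turnserver.conf
external-ip=54.95.37.26/172.31.43.68 (the former is the server's public IP, the latter its private IP)
fingerprint (enables fingerprints)
lt-cred-mech (enables the long-term credential mechanism)
user=testuser:123456 (sets a test user name and password)
V. Open the ports
3478 (tcp, udp), 5349 (tcp, udp), 49152-65535 (udp)
VI. Start turnserver
turnserver -v -r foo.org -c /etc/turnserver.conf (the -f option is required)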
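VII. Testing
1. Test with the official page: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
After adding the server, click "Gather candidates". If the test with this tool does not succeed or
2. Candidate types:
host: address and port of a physical or logical network interface on the local machine
srflx: address and port allocated on the NAT when a Binding request sent to the STUN/TURN server passes through the NAT
prflx: address and port allocated on the NAT when the endpoint sends a Binding request to the peer through the NAT
relay: address and port the TURN server uses for relaying, returned when the endpoint sends an Allocate request to the TURN server
3. Test with code (HTML page): open the browser's developer tools; if the console prints "The TURN server is reachable !" and "is TURN server active? yes", the server is working.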
<html>
<head>
    <title>ICE test</title>
</head>
<body>
<label for="serverAddress"></label>
<input id="serverAddress" value="turn:127.0.0.1:13902"/>
<br/>
<label for="username"></label><input id="username" value="foo"/>
<br/>
<label for="password"></label><input id="password" value="bar"/>
<br/>
<button onclick="window.test()">Test</button>
<script>
    // Resolves to true if a relay candidate is gathered through the given TURN
    // server before the timeout (default 5000 ms), otherwise resolves to false.
    function checkTURNServer(turnConfig, timeout) {
        return new Promise(function (resolve, reject) {
            let promiseResolved = false;
            setTimeout(function () {
                if (promiseResolved) return;
                resolve(false);
                promiseResolved = true;
            }, timeout || 5000);
            // compatibility for firefox and chrome
            let myPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection
                , pc = new myPeerConnection({iceServers: [turnConfig]});
            pc.createDataChannel(""); // create a bogus data channel
            pc.createOffer({}).then((offer) => {
                if (offer.sdp.indexOf('typ relay') > -1) { // sometimes sdp contains the ice candidates...
                    promiseResolved = true;
                    resolve(true);
                }
                return pc.setLocalDescription(offer);
            }).catch(reject); // surface offer/description errors to the caller
            pc.onicecandidate = function (ice) { // listen for candidate events
                if (promiseResolved || !ice || !ice.candidate
                    || !ice.candidate.candidate
                    || !(ice.candidate.candidate.indexOf('typ relay') > -1)) return;
                console.log("ice candidate=", ice.candidate);
                // If a relay candidate was found, notify that the TURN server works!
                if (ice.candidate.type === "relay") {
                    console.log("The TURN server is reachable !");
                }
                promiseResolved = true;
                resolve(true);
            };
        });
    }

    window.test = () => {
        let serverAddress = document.getElementById("serverAddress").value;
        let username = document.getElementById("username").value;
        let password = document.getElementById("password").value;
        // The password is not written to the console log.
        console.log("Trigger ice test. Server address=", serverAddress,
            ", username=", username);
        checkTURNServer({
            urls: serverAddress,
            username: username,
            credential: password
        }).then(function (bool) {
            console.log('is TURN server active? ', bool ? 'yes' : 'no');
        }).catch(console.error.bind(console));
    };
</script>
</body>
</html>
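4. Open http://<your own public IP>:3478/; if it outputs "TURN Server", the server is working.
5. Command-line test: turnutils_uclient -v -u testuser -w 123456 54.249.95.226 (public IP)
If the turnserver terminal shows output similar to the following, the test succeeded: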
830: handle_udp_packet: New UDP endpoint: local addr 172.31.33.19:3478, remote addr 54.249.95.226:37748
830: session 003000000000000001: user <>: incoming packet message processed, error 401: Unauthorised
830: IPv4. Local relay addr: 172.31.33.19:55550
830: IPv4. Local reserved relay addr: 172.31.33.19:55551
830: session 003000000000000001: new, username=<testuser>, lifetime=800
830: session 003000000000000001: user <testuser>: incoming packet ALLOCATE processed, success
830: session 003000000000000001: refreshed, username=<testuser>, lifetime=600
830: session 003000000000000001: user <testuser>: incoming packet REFRESH processed, success
830: handle_udp_packet: New UDP endpoint: local addr 172.31.33.19:3478, remote addr 54.249.95.226:33309
830: session 003000000000000002: user <>: incoming packet message processed, error 401: Unauthorised
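VIII. To use it from the signal service, the related configuration also has to be changed
external-ip=54.249.95.226/172.31.43.68 (the former is the server's public IP, the latter its private IP)
fingerprint (enables fingerprints)
lt-cred-mech (enables the long-term credential mechanism)
use-auth-secret (enables secret-based authorization)
static-auth-secret=12345 (sets the secret; it must match the turnserver secret in the signal service's configuration file, should preferably be complex, and must not be followed by a trailing space)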
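How the shared secret is used, as an added example (not code from the original page, the signal service, or coturn): in use-auth-secret mode the issuer builds a user name of the form "<expiry unix time>:<user id>" and a password of base64(HMAC-SHA1(secret, user name)), and the server recomputes it with its own copy of the secret. The function names, the host turn.example.org, the sample secret and the clock value are assumptions, and secretFromConfLine models the trailing-space warning above by taking the value verbatim.

```javascript
const crypto = require('crypto');

// username = "<expiry unix time>:<user id>"; credential = base64(HMAC-SHA1(secret, username))
function makeTurnCredential(secret, userId, ttlSeconds, nowSeconds) {
  const now = nowSeconds ?? Math.floor(Date.now() / 1000);
  const username = `${now + ttlSeconds}:${userId}`;
  const credential = crypto.createHmac('sha1', secret).update(username).digest('base64');
  return { username, credential };
}

// Model of the server-side check: recompute the HMAC with the server's copy of
// the secret, compare in constant time, then reject user names that have expired.
function verifyTurnCredential(secret, username, credential, nowSeconds) {
  const now = nowSeconds ?? Math.floor(Date.now() / 1000);
  const expected = crypto.createHmac('sha1', secret).update(username).digest();
  const given = Buffer.from(String(credential), 'base64');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-credential';
  }
  const expiry = Number.parseInt(username.split(':')[0], 10);
  if (!Number.isFinite(expiry)) return 'bad-username';
  return expiry < now ? 'expired' : 'ok';
}

// Hypothetical reader for the config line: the value is taken verbatim (an
// assumption), so a trailing space becomes part of the HMAC key.
function secretFromConfLine(line) {
  const m = /^static-auth-secret=(.*)$/.exec(line);
  return m ? m[1] : null;
}

function demo() {
  const t0 = 1700000000; // constructed clock value (seconds)
  const secret = 'constructed-long-random-secret'; // placeholder, not a real key
  const cred = makeTurnCredential(secret, 'alice', 3600, t0);
  const check = (confLine, now) =>
    verifyTurnCredential(secretFromConfLine(confLine), cred.username, cred.credential, now);
  return {
    username: cred.username,
    sameSecret: check(`static-auth-secret=${secret}`, t0),
    trailingSpace: check(`static-auth-secret=${secret} `, t0),
    afterExpiry: check(`static-auth-secret=${secret}`, t0 + 3601),
    // what the browser would be handed for RTCPeerConnection (host name is a placeholder)
    iceServers: [{ urls: 'turn:turn.example.org:3478', ...cred }],
  };
}

console.log(demo());
```

The iceServers entry can be pasted into the test page from section VII in place of a static user name and password; it stops working once the expiry embedded in the user name has passed.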
IX. Run turnserver as a daemon
turnserver -v -r foo.org -c /etc/turnserver.conf -o
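# To run it in the background, use the following line instead
# nohup turnserver -c /etc/turnserver.conf &
X. Configure start at boot
1. Create a turnserver.service file with the following content: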
[Unit]
Description=turnserver for webrtc
After=network.target
[Service]
Type=forking
User=tester
Group=tester
ExecStart=/home/tester/coturn/coturn/bin/turnserver -o -a -f --user=test:123456 -r Hangzhou
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
2. Copy the file: cp turnserver.service /lib/systemd/system/
3. Reload: systemctl daemon-reload
4. Check that it was loaded: systemctl list-unit-files --type=service | grep turn (on success the turnserver entry is shown)
turnserver.service disabled
5. Start: systemctl start turnserver.service
6. Check the status: systemctl status turnserver.service