Tested and working. If you run into problems, feel free to leave a comment.
Environment: Ubuntu 16.04.6 LTS
- Download and install libevent-2.0
wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar zxvf libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable && ./configure
make && make install
- Download, build and install coturn
git clone https://github.com/coturn/coturn
cd coturn
./configure
make
make install
- Check that the installation succeeded
which turnserver
Create a username and password:
turnadmin -k -u demo -r hangzhou -p demo
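Output: 0xc74d8dd2c3dac2f1d40b57b9c33e644d (the username and password are needed later in the configuration file)
- Configuration file
The /usr/local/etc/ directory contains turnserver.conf.default; copy it to turnserver.conf
cd /usr/local/etc/
cp turnserver.conf.default turnserver.conf
First look up the network interface and note its name and internal (LAN) address
- Signed certificate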
apt-get install openssl
The self-signed certificate configured in cert and pkey is generated with the openssl command:
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes
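Fill in the requested information with anything you like.
The two generated files are normally in the /etc/ directory
- Edit the configuration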
vi /usr/local/etc/turnserver.conf
listening-ip and relay-ip use the internal IP; external-ip is the public IP
A working configuration file:
//***********************************************************************//
listening-device=enp4s3 #must match the interface name found earlier with ifconfig
relay-device=enp4s3 #must match the interface name found earlier with ifconfig
listening-ip=192.168.10.206 #internal IP
listening-port=3478
tls-listening-port=5349
relay-ip=192.168.10.206 #internal IP
external-ip=115.238.103.171 #public IP
relay-threads=50
lt-cred-mech
static-auth-secret=demo
user=demo:0x7a24c8f6e22650e49726a2e96ee902b7 #username and password, used when creating the IceServer
userdb=/etc/turnuserdb.conf
#max-bps=102400
pidfile="/var/run/turnserver.pid"
no-loopback-peers
no-multicast-peers
sha256
mobility
no-cli
cert=/etc/turn_server_cert.pem
pkey=/etc/turn_server_pkey.pem
stale-nonce
use-auth-secret
Verbose
fingerprint
//**************************************************************************************//
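Field descriptions:
listening-port: the UDP/TCP port turnserver listens on; default 3478;
tls-listening-port: the TLS/DTLS port turnserver listens on; default 5349.
Defining separate listening ports for TCP/UDP and TLS/DTLS conforms to RFC 5766; the two can be configured to use the same port, but this is not recommended;
listening-ip: listening IP address of the relay server; more than one can be configured;
relay-ip: IP address of the relay server;
external-ip: external IP, specified when the relay server is inside a NAT network; it can be omitted here;
server-name: server name, used for OAuth authentication; defaults to the realm;
realm: the domain name;
userdb: used to store user information;
cert/pkey: self-signed certificate settings;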
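How the two credential settings in the configuration above become what a client sends, as an added Python example that is not part of the original post or of coturn's code. The user= key is the MD5 of "user:realm:password" (what turnadmin -k prints, so the realm given to turnadmin has to be the realm the server runs with), and with use-auth-secret the password is base64(HMAC-SHA1(static-auth-secret, "expiry:userid")); the function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time


def long_term_key(user, realm, password):
    """Value for a `user=name:0x...` line: MD5 of "user:realm:password" (RFC 5389)."""
    digest = hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()
    return "0x" + digest


def _rest_password(secret, username):
    # HMAC-SHA1 over the full username, keyed with static-auth-secret.
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def rest_credential(secret, user_id, ttl=3600, now=None):
    """Time-limited username/password pair for use-auth-secret mode."""
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl}:{user_id}"  # expiry timestamp, then the user id
    return username, _rest_password(secret, username)


def verify_rest_credential(secret, username, password, now=None):
    """Server-side equivalent: recompute the HMAC, reject expired or malformed names."""
    now = int(time.time()) if now is None else int(now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False
    if expiry < now:
        return False
    expected = _rest_password(secret, username)
    return hmac.compare_digest(expected.encode(), password.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    secret = "constructed-sample-secret"
    print(long_term_key("demo", "hangzhou", "demo"))
    print(long_term_key("demo", "example.org", "demo"))  # other realm, other key
    user, pwd = rest_credential(secret, "demo", ttl=600)
    print(user, pwd, verify_rest_credential(secret, user, pwd))
```

Anyone who knows static-auth-secret can compute a valid password, so that value should be long and random rather than a short word.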
- Start turnserver by running
cd /coturn/bin
turnserver -v -r <public IP>:3478 -a -o
turnserver -v -r 115.238.103.171:3478 -a -o
Output:
root@ubuntu:/home/wowjoy/coturn/bin# ./myrun.sh
0: log file opened: /var/log/turn_626_2020-04-21.log
0: Listener address to use: 192.168.10.206
0: WARNING: Options -b, --userdb and --db are not supported because SQLite is not supported in this build.
0: Bad configuration format: no-loopback-peers
0: Config file found: /usr/local/etc/turnserver.conf
0: Bad configuration format: no-loopback-peers
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 1048576
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2g 1 Mar 2016 (0x1000207f)
0:
0: SQLite is not supported
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Domain name:
0: Default realm: 192.168.10.206:3478
0: SSL23: Certificate file found: /etc/turn_server_cert.pem
0: SSL23: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.0: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.1: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.2: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /etc/turn_server_pkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /etc/turn_server_cert.pem
0: DTLS: Private key file found: /etc/turn_server_pkey.pem
0: DTLS1.2: Certificate file found: /etc/turn_server_cert.pem
0: DTLS1.2: Private key file found: /etc/turn_server_pkey.pem
0: DTLS cipher suite: DEFAULT
0: Relay address to use: 192.168.10.206
root@ubuntu:/home/wowjoy/coturn/bin#
- ICE test
NAT traversal only counts as successful if the relay address that comes back is your IP.
https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/