turnserver服务器搭建

搭建环境：Ubuntu 16.04.6 LTS

下载并安装libevent-2.0

wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz tar zxvf libevent-2.0.21-stable.tar.gz cd libevent-2.0.21-stable && ./configure make && make install

下载编译安装coturn

git clone https://github.com/coturn/coturn cd coturn ./configure make make install

查看是否安装成功

which turnserver

 

 

创建用户名和密码：

turnadmin -k -u demo -r hangzhou -p demo

生成：0xc74d8dd2c3dac2f1d40b57b9c33e644d （后面的配置文件需要用到用户名和密码）

配置文件

在/usr/local/etc/目录下有turnserver.conf.default，复制为turnserver.conf

cd /usr/local/etc/ cp turnserver.conf.default turnserver.conf

首先查看网卡,记录网卡名称和内网地址

​

 

 

签名证书

apt-get install openssl

cert和pkey配置的自签名证书用Openssl命令生成:

sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes

填写相关信息随便写。

生成的两个文件一般在/etc/目录下​

 

 

修改配置信息

vi /usr/local/etc/turnserver.conf

listening-ip与relay-ip采用内网ip，external-ip是外网的ip

正常使用的配置文件：

//***********************************************************************//

listening-device=enp4s3 #与前ifconfig查到的网卡名称一致

relay-device=enp4s3 #与前ifconfig查到的网卡名称一致

listening-ip=192.168.10.206 #内网IP

listening-port=3478

tls-listening-port=5349

relay-ip=192.168.10.206 #内网IP

external-ip=115.238.103.171 #公网IP

relay-threads=50

lt-cred-mech

static-auth-secret=demo

user=demo:0x7a24c8f6e22650e49726a2e96ee902b7 #用户名密码，创建IceServer时用

userdb=/etc/turnuserdb.conf

#max-bps=102400

pidfile=”/var/run/turnserver.pid”

no-loopback-peers

no-multicast-peers

sha256

mobility

no-cli

cert=/etc/turn_server_cert.pem

pkey=/etc/turn_server_pkey.pem

stale-nonce

use-auth-secret

Verbose

fingerprint

//**************************************************************************************//

字段说明：

listening-port: turnserver监听UDP/TCP端口,默认为3478;

tls-listening-port: turnserver监听TLS/DTLS端口,默认为5349,

将TCP/UDP和TLS/DTLS分别定义监听端口是符合RFC5766规范的,但是通过配置两者能使用同一端口,不推荐;

listening-ip: 中继服务器的监听IP地址,可以配置多个;

relay-ip: 中继服务器的IP地址;

external-ip: 外部IP,当中继服务器在NAT网络内部时指定,此处可以不添加;

server-name: 服务器名称,用于OAuth认证,默认和realm相同;

realm: 域名;

userdb: 用于保存用户信息;

cert/pkey: 自签名证书相关;

开启turnserver，执行命令

cd /coturn/bin

turnserver -v -r 外网IP:3478 -a -o

turnserver -v -r 115.238.103.171:3478 -a -o

运行结果：

root@ubuntu:/home/wowjoy/coturn/bin# ./myrun.sh

0: log file opened: /var/log/turn_626_2020-04-21.log

0: Listener address to use: 192.168.10.206

0: WARNING: Options -b, –userdb and –db are not supported because SQLite is not supported in this build.

0: Bad configuration format: no-loopback-peers

0: Config file found: /usr/local/etc/turnserver.conf

0: Bad configuration format: no-loopback-peers

0:

RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server

Version Coturn-4.5.1.1 ‘dan Eider’

0:

Max number of open files/sockets allowed for this process: 1048576

0:

Due to the open files/sockets limitation,

max supported number of TURN Sessions possible is: 524000 (approximately)

0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported

0: DTLS supported

0: DTLS 1.2 supported

0: TURN/STUN ALPN supported

0: Third-party authorization (oAuth) supported

0: GCM (AEAD) supported

0: OpenSSL compile-time version: OpenSSL 1.0.2g 1 Mar 2016 (0x1000207f)

0:

0: SQLite is not supported

0: Redis supported

0: PostgreSQL supported

0: MySQL supported

0: MongoDB is not supported

0:

0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Domain name:

0: Default realm: 192.168.10.206:3478

0: SSL23: Certificate file found: /etc/turn_server_cert.pem

0: SSL23: Private key file found: /etc/turn_server_pkey.pem

0: TLS1.0: Certificate file found: /etc/turn_server_cert.pem

0: TLS1.0: Private key file found: /etc/turn_server_pkey.pem

0: TLS1.1: Certificate file found: /etc/turn_server_cert.pem

0: TLS1.1: Private key file found: /etc/turn_server_pkey.pem

0: TLS1.2: Certificate file found: /etc/turn_server_cert.pem

0: TLS1.2: Private key file found: /etc/turn_server_pkey.pem

0: TLS cipher suite: DEFAULT

0: DTLS: Certificate file found: /etc/turn_server_cert.pem

0: DTLS: Private key file found: /etc/turn_server_pkey.pem

0: DTLS1.2: Certificate file found: /etc/turn_server_cert.pem

0: DTLS1.2: Private key file found: /etc/turn_server_pkey.pem

0: DTLS cipher suite: DEFAULT

0: Relay address to use: 192.168.10.206

root@ubuntu:/home/wowjoy/coturn/bin#

ICE测试

只有relay地址回来的是你的ip才算穿透成功。

https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/