咸鱼

Salted fish: fish cured in salt and then sun-dried


WebRTC STUN & TURN Server

Introduction

coturn is an open-source TURN/STUN server that supports P2P NAT traversal.

  • A STUN server is used to discover a device's external network address
  • A TURN server relays traffic when the peer-to-peer connection fails.

WebRTC establishes a connection roughly as follows:

  1. The client (browser) first tries to connect directly;
  2. If the direct connection fails, it uses the STUN server to traverse NAT;
  3. If traversal fails, it relays through the TURN server.

Deployment

  1. Install the build dependencies

    $ sudo apt-get install build-essential libssl-dev openssl

    Note: the openssl installed by apt may be too old and make the coturn build fail; you can install a newer OpenSSL from source, see "Installing a newer OpenSSL on Ubuntu 16.04 LTS".

  2. Install the libevent dependency
    Installing from source is the way to get a current version

    $ wget https://github.com/libevent/libevent/releases/download/release-2.1.10-stable/libevent-2.1.10-stable.tar.gz
    $ tar -zxvf libevent-2.1.10-stable.tar.gz
    $ cd libevent-2.1.10-stable
    $ ./configure
    $ make && sudo make install
  3. Install the sqlite database dependency
    This step can be skipped; if sqlite is installed here, the coturn build detects it automatically.

    $ sudo apt-get install sqlite libsqlite3-dev
  4. Install coturn

    # Download
    $ wget https://github.com/coturn/coturn/archive/4.5.1.1.tar.gz
    $ tar -zxvf 4.5.1.1.tar.gz
    $ cd coturn-4.5.1.1
    # or
    $ git clone https://github.com.cnpmjs.org/coturn/coturn

    # Build and install
    # 4.5.1.1
    $ ./configure
    $ make
    $ sudo make install
    install -d /usr/local
    install -d /usr/local/bin
    install -d /usr/local/var/db
    install -d /usr/local/man/man1
    install -d /usr/local/etc
    install -d /usr/local/lib
    install -d /usr/local/share/examples/turnserver
    install -d /usr/local/share/doc/turnserver
    install -d /usr/local/share/turnserver
    install -d /usr/local/include/turn
    install bin/turnserver /usr/local/bin
    install bin/turnadmin /usr/local/bin
    install bin/turnutils_uclient /usr/local/bin
    install bin/turnutils_peer /usr/local/bin
    install bin/turnutils_stunclient /usr/local/bin
    install bin/turnutils_oauth /usr/local/bin
    install bin/turnutils_natdiscovery /usr/local/bin
    install man/man1/turnserver.1 /usr/local/man/man1/
    install man/man1/turnadmin.1 /usr/local/man/man1/
    install man/man1/turnutils.1 /usr/local/man/man1/
    install man/man1/turnutils_uclient.1 /usr/local/man/man1/
    install man/man1/turnutils_stunclient.1 /usr/local/man/man1/
    install man/man1/turnutils_oauth.1 /usr/local/man/man1/
    install man/man1/turnutils_natdiscovery.1 /usr/local/man/man1/
    install man/man1/turnutils_peer.1 /usr/local/man/man1/
    install man/man1/coturn.1 /usr/local/man/man1/
    install lib/libturnclient.a /usr/local/lib
    install LICENSE /usr/local/share/doc/turnserver
    install README.turnserver /usr/local/share/doc/turnserver
    install README.turnadmin /usr/local/share/doc/turnserver
    install README.turnutils /usr/local/share/doc/turnserver
    install INSTALL /usr/local/share/doc/turnserver
    install postinstall.txt /usr/local/share/doc/turnserver
    install turndb/schema.sql /usr/local/share/doc/turnserver
    install turndb/schema.sql /usr/local/share/turnserver
    install turndb/schema.mongo.sh /usr/local/share/doc/turnserver
    install turndb/schema.mongo.sh /usr/local/share/turnserver
    install turndb/testredisdbsetup.sh /usr/local/share/turnserver
    install turndb/testmongosetup.sh /usr/local/share/turnserver
    install turndb/testsqldbsetup.sql /usr/local/share/turnserver
    install turndb/schema.userdb.redis /usr/local/share/doc/turnserver
    install turndb/schema.userdb.redis /usr/local/share/turnserver
    install turndb/schema.stats.redis /usr/local/share/doc/turnserver
    install turndb/schema.stats.redis /usr/local/share/turnserver
    if [ -f sqlite/turndb ] ; then install sqlite/turndb /usr/local/var/db/turndb; fi
    install examples/etc/turnserver.conf /usr/local/etc/turnserver.conf.default
    cp -rpf examples/etc /usr/local/share/examples/turnserver
    cp -rpf examples/scripts /usr/local/share/examples/turnserver
    rm -rf /usr/local/share/examples/turnserver/scripts/rfc5769.sh
    cp -rpf include/turn/client /usr/local/include/turn
    install include/turn/ns_turn_defs.h /usr/local/include/turn
    cat /usr/local/share/doc/turnserver/postinstall.txt
    ==================================================================

    1) If your system supports automatic start-up system daemon services,
    then to enable the turnserver as a system service that is automatically
    started, you have to:

    a) Create and edit /etc/turnserver.conf or
    /usr/local/etc/turnserver.conf .
    Use /usr/local/etc/turnserver.conf.default as an example.

    b) For user accounts settings: set up SQLite or PostgreSQL or
    MySQL or MongoDB or Redis database for user accounts.
    Use /usr/local/share/turnserver/schema.sql as SQL database schema,
    or use /usr/local/share/turnserver/schema.userdb.redis as Redis
    database schema description and/or
    /usr/local/share/turnserver/schema.stats.redis
    as Redis status & statistics database schema description.

    If you are using SQLite, the default database location is in
    /var/db/turndb or in /usr/local/var/db/turndb or in /var/lib/turn/turndb

    c) add whatever is necessary to enable start-up daemon for the
    /usr/local/bin/turnserver.

    2) If you do not want the turnserver to be a system service,
    then you can start/stop it "manually", using the "turnserver"
    executable with appropriate options (see the documentation).

    3) To create database schema, use schema in file
    /usr/local/share/turnserver/schema.sql.

    4) For additional information, run:

    $ man turnserver
    $ man turnadmin
    $ man turnutils

    ==================================================================
  5. Configure coturn (the key step)

    $ cd /usr/local/etc
    $ cp turnserver.conf.default turnserver.conf
    $ openssl req -x509 -newkey rsa:2048 -keyout turn_server_pkey.pem -out turn_server_cert.pem -days 99999 -nodes

    $ ifconfig -a
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.0.115 netmask 255.255.255.0 broadcast 192.168.0.255
    inet6 fe80::5632:dfa1:378e:7570 prefixlen 64 scopeid 0x20<link>
    ether 00:0c:29:6c:a8:71 txqueuelen 1000 (Ethernet)
    RX packets 5037 bytes 6248464 (6.2 MB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 2856 bytes 226651 (226.6 KB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 1137 bytes 93030 (93.0 KB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 1137 bytes 93030 (93.0 KB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    Configuration without a database ([configuration reference])

    $ sudo vim turnserver.conf

    # must match the NIC name shown by ifconfig above
    relay-device=ens33
    # LAN IP
    listening-ip=192.168.0.115
    listening-port=3478
    tls-listening-port=5349
    relay-ip=192.168.0.115
    # public IP
    external-ip=192.168.0.115
    relay-threads=10
    lt-cred-mech
    cert=/usr/local/etc/turn_server_cert.pem
    pkey=/usr/local/etc/turn_server_pkey.pem
    pidfile="/var/run/turnserver.pid"
    min-port=49152
    max-port=65535
    # username:password, used when creating the IceServer
    user=test:123456
    cli-password=123456


    $ sudo turnserver -o -a -f -v -user=test:123456 -r MYTest
    0: log file opened: /var/log/turn_38651_2021-08-03.log
    0: Listener address to use: 127.0.0.1
    0: Relay address to use: 127.0.0.1
    0: Config file found: /usr/local/etc/turnserver.conf
    0:
    RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
    Version Coturn-4.5.1.1 'dan Eider'
    0:
    Max number of open files/sockets allowed for this process: 1048576
    0:
    Due to the open files/sockets limitation,
    max supported number of TURN Sessions possible is: 524000 (approximately)
    0:

    ==== Show him the instruments, Practical Frost: ====

    0: TLS supported
    0: DTLS supported
    0: DTLS 1.2 supported
    0: TURN/STUN ALPN supported
    0: Third-party authorization (oAuth) supported
    0: GCM (AEAD) supported
    0: OpenSSL compile-time version: OpenSSL 1.1.1j 16 Feb 2021 (0x101010af)
    0:
    0: SQLite supported, default database location is /usr/local/var/db/turndb
    0: Redis is not supported
    0: PostgreSQL is not supported
    0: MySQL is not supported
    0: MongoDB is not supported
    0:
    0: Default Net Engine version: 3 (UDP thread per CPU core)

    =====================================================

    0: Domain name:
    0: Default realm: MyTest
    0: SSL23: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: SSL23: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: TLS1.0: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: TLS1.0: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: TLS1.1: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: TLS1.1: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: TLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: TLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: TLS cipher suite: DEFAULT
    0: DTLS: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: DTLS: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: DTLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: DTLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: DTLS cipher suite: DEFAULT

    $ ps -ef|grep turnserve
    root 100411 turnserver -o -a -f -v -user=test:123456 -r MYTest

    $ sudo lsof -i :3478
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    turnserve 100411 root 13u IPv4 331035 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 21u IPv4 331040 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 29u IPv4 331045 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 37u IPv4 331050 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 45u IPv4 331055 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 53u IPv4 331060 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 61u IPv4 331065 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 69u IPv4 331070 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 77u IPv4 331075 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 84u IPv4 330096 0t0 UDP localhost:3478
    turnserve 100411 root 86u IPv4 330097 0t0 UDP localhost:3478
    turnserve 100411 root 87u IPv4 330098 0t0 UDP localhost:3478
    turnserve 100411 root 88u IPv4 331080 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100411 root 91u IPv4 330099 0t0 UDP localhost:3478
    turnserve 100411 root 92u IPv4 330100 0t0 UDP localhost:3478
    turnserve 100411 root 93u IPv4 330101 0t0 UDP localhost:3478
    turnserve 100411 root 94u IPv4 330102 0t0 UDP localhost:3478
    turnserve 100411 root 95u IPv4 330103 0t0 UDP localhost:3478
    turnserve 100411 root 96u IPv4 330104 0t0 UDP localhost:3478
    turnserve 100411 root 97u IPv4 330105 0t0 UDP localhost:3478

    Output showing the listening ports means the server has started successfully.

    Configuration with SQLite ([configuration reference])


    $ sudo turnadmin -a -u test -p 123456 -r demo

    $ sudo vim turnserver.conf
    # listening port
    listening-port=3478
    # listening NIC
    listening-device=ens33
    # public IP
    external-ip=192.168.0.115
    # username:password
    user=test:123456
    # usually the same realm given to turnadmin when the user was created
    realm=demo
    cli-password=123456

    $ sudo turnserver -o -a -f -user=test:123456 -v -r demo
    0: log file opened: /var/log/turn_99525_2021-08-04.log
    0: Config file found: /usr/local/etc/turnserver.conf
    0:
    RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
    Version Coturn-4.5.1.1 'dan Eider'
    0:
    Max number of open files/sockets allowed for this process: 1048576
    0:
    Due to the open files/sockets limitation,
    max supported number of TURN Sessions possible is: 524000 (approximately)
    0:

    ==== Show him the instruments, Practical Frost: ====

    0: TLS supported
    0: DTLS supported
    0: DTLS 1.2 supported
    0: TURN/STUN ALPN supported
    0: Third-party authorization (oAuth) supported
    0: GCM (AEAD) supported
    0: OpenSSL compile-time version: OpenSSL 1.1.1j 16 Feb 2021 (0x101010af)
    0:
    0: SQLite supported, default database location is /usr/local/var/db/turndb
    0: Redis is not supported
    0: PostgreSQL is not supported
    0: MySQL is not supported
    0: MongoDB is not supported
    0:
    0: Default Net Engine version: 3 (UDP thread per CPU core)

    =====================================================

    0: Domain name:
    0: Default realm: demo
    0: Config file found: /usr/local/etc/turn_server_cert.pem
    0: Config file found: /usr/local/etc/turn_server_pkey.pem
    0: SSL23: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: SSL23: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: TLS1.0: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: TLS1.0: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: TLS1.1: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: TLS1.1: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: TLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: TLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: TLS cipher suite: DEFAULT
    0: DTLS: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: DTLS: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: DTLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
    0: DTLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
    0: ERROR: set_ctx: ERROR: cannot set DH
    0: DTLS cipher suite: DEFAULT
    0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
    0: ===========Discovering listener addresses: =========
    0: Listener address to use: 127.0.0.1
    0: Listener address to use: 192.168.0.115
    0: Listener address to use: ::1
    0: =====================================================
    0: Total: 1 'real' addresses discovered
    0: =====================================================
    0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
    0: ===========Discovering relay addresses: =============
    0: Relay address to use: 192.168.0.115
    0: Relay address to use: ::1
    0: =====================================================
    0: Total: 2 relay addresses discovered
    0: =====================================================

    $ ps -ef|grep turnserve
    root 100608 turnserver -o -a -f -user=test:123456 -v -r demo

    $ sudo lsof -i :3478
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    turnserve 100608 root 13u IPv4 330422 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100608 root 17u IPv4 330426 0t0 TCP ubuntu:3478 (LISTEN)
    turnserve 100608 root 27u IPv4 333118 0t0 UDP localhost:3478
    turnserve 100608 root 28u IPv4 330433 0t0 TCP localhost:3478 (LISTEN)
    turnserve 100608 root 29u IPv4 333119 0t0 UDP localhost:3478
    turnserve 100608 root 34u IPv4 333122 0t0 UDP ubuntu:3478
    turnserve 100608 root 36u IPv4 333123 0t0 UDP ubuntu:3478
    turnserve 100608 root 38u IPv4 330437 0t0 TCP ubuntu:3478 (LISTEN)
  6. Testing
    Using the test tool provided by webrtc-samples
    Test environment:

  • coturn runs on a VMware virtual machine with a "bridged network adapter"; its subnet is 192.168.0.1, the same as the host.
  • ICE was tested on a VMware virtual machine with a "NAT network adapter"; its subnet 192.168.58.123 amounts to a small LAN of its own. The result is shown in the figure:
    (Figure: VMware NAT network adapter test result)
    No relay effect was observed; only the local network was exercised. coturn still has to be deployed on a server with a public IP.

    When deploying to a cloud server, remember to open UDP and TCP port 3478.
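Both turnserver.conf files in step 5 ship with `user=test:123456` and `cli-password=123456` and set `external-ip` to a LAN address, which is exactly what step 6 ran into. The following audit script is added here (it is not code from the post or from coturn): it parses a turnserver.conf and flags those settings; the sample configuration is constructed from the no-database config above.

```python
import ipaddress

# Constructed sample: the no-database turnserver.conf from step 5 above.
SAMPLE_CONF = """\
# must match the NIC name shown by ifconfig
relay-device=ens33
listening-ip=192.168.0.115
listening-port=3478
relay-ip=192.168.0.115
external-ip=192.168.0.115
lt-cred-mech
pidfile="/var/run/turnserver.pid"
user=test:123456
cli-password=123456
"""

WEAK_PASSWORDS = {"", "123456", "password", "test", "turn"}


def parse_conf(text):
    """Parse turnserver.conf: '#' comments, key=value lines and bare flags.
    Repeatable keys (user, denied-peer-ip, ...) collect a list of values."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        conf.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return conf


def audit(conf):
    """Return findings for the settings that matter once the relay is reachable."""
    findings = []
    for cred in conf.get("user", []):
        name, _, password = cred.partition(":")
        if password in WEAK_PASSWORDS or len(password) < 12:
            findings.append(f"user '{name}': weak long-term credential")
    if "no-cli" not in conf and conf.get("cli-password", [""])[0] in WEAK_PASSWORDS:
        findings.append("telnet CLI not disabled (no-cli) and cli-password is empty or weak")
    for value in conf.get("external-ip", []):
        public = value.split("/")[0]  # coturn also accepts the public/private form
        if ipaddress.ip_address(public).is_private:
            findings.append(f"external-ip={public} is a LAN address; peers outside it cannot use the relay")
    if "denied-peer-ip" not in conf:
        findings.append("no denied-peer-ip: the relay can reach hosts on the server's internal networks")
    if "fingerprint" not in conf:
        findings.append("fingerprint not set: STUN/TURN messages carry no FINGERPRINT attribute")
    return findings
```

Run `audit(parse_conf(open("/usr/local/etc/turnserver.conf").read()))` against the deployed file; an empty list means none of the checks above fired.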
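Step 6 could only confirm that the server answers on the LAN. The client below is added here (not code from the post or from coturn): it sends an RFC 5389 Binding Request to UDP 3478 and decodes the XOR-MAPPED-ADDRESS in the reply, so once coturn sits on a public IP the returned address is the reflexive one; `build_binding_response` constructs a server reply so the parser can be exercised offline, and 192.168.0.115 is the server address from this post.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442   # RFC 5389 fixed value, also the XOR key
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020
HEADER = "!HHI"             # type, message length, magic cookie; then 12-byte txid


def build_binding_request(txid=None):
    """20-byte Binding Request with no attributes; txid is random unless given."""
    txid = txid or os.urandom(12)
    return struct.pack(HEADER, BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def parse_binding_response(data, txid):
    """Return the (ip, port) the server saw, or raise ValueError on a bad reply."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    mtype, length, cookie = struct.unpack(HEADER, data[:8])
    if cookie != MAGIC_COOKIE or data[8:20] != txid:
        raise ValueError("not a reply to our transaction")
    if mtype != BINDING_SUCCESS:
        raise ValueError(f"unexpected message type 0x{mtype:04x}")
    off, end = 20, 20 + length
    while off + 4 <= end:
        atype, alen = struct.unpack("!HH", data[off:off + 4])
        value = data[off + 4:off + 4 + alen]
        off += 4 + (alen + 3) // 4 * 4        # attribute values are padded to 4 bytes
        if atype == XOR_MAPPED_ADDRESS and value[1] == 0x01:   # IPv4 family only
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def build_binding_response(txid, ip, port):
    """Constructed server reply, used to exercise the parser without a server."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack(HEADER, BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def stun_binding_test(host="192.168.0.115", port=3478, timeout=3.0):
    """Send one Binding Request over UDP and return the reflexive (ip, port)."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txid), (host, port))
        data, _ = sock.recvfrom(1500)
    return parse_binding_response(data, txid)
```

Calling `stun_binding_test()` from a host outside the server's LAN, after UDP 3478 has been opened, returns the address the server actually saw; a `socket.timeout` means the port is not reachable from there.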