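Introduction
coturn is an open-source TURN/STUN server that supports P2P NAT traversal.
- A STUN server is used to discover a device's external network address.
- A TURN server relays traffic after the peer-to-peer connection fails.
A WebRTC connection is established roughly as follows:
- The client (browser) first tries to connect directly;
- If a direct connection is not possible, it traverses the NAT with the help of the STUN server;
- If traversal fails, traffic is relayed through the TURN server.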
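Deployment
Install the build dependencies
$ sudo apt-get install build-essential libssl-dev openssl
Note: the openssl version installed by apt may be too old and cause the coturn build to fail. In that case install a newer openssl from source; see [Installing a newer OpenSSL on Ubuntu 16.04 LTS].
Install the libevent dependency
Only a source install gives you a recent version.
$ wget https://github.com/libevent/libevent/releases/download/release-2.1.10-stable/libevent-2.1.10-stable.tar.gz
$ tar -zxvf libevent-2.1.10-stable.tar.gz
$ cd libevent-2.1.10-stable
$ ./configure
$ make && sudo make install
Install the sqlite database dependency
This step can be skipped. If sqlite is installed at this point, the coturn build detects it automatically.
$ sudo apt-get install sqlite libsqlite3-dev
Install coturn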
# Download
$ wget https://github.com/coturn/coturn/archive/4.5.1.1.tar.gz
$ tar -zxvf 4.5.1.1.tar.gz
$ cd coturn-4.5.1.1
# Or
$ git clone https://github.com.cnpmjs.org/coturn/coturn
# Build and install
# 4.5.1.1
$ ./configure
$ make
$ sudo make install
install -d /usr/local
install -d /usr/local/bin
install -d /usr/local/var/db
install -d /usr/local/man/man1
install -d /usr/local/etc
install -d /usr/local/lib
install -d /usr/local/share/examples/turnserver
install -d /usr/local/share/doc/turnserver
install -d /usr/local/share/turnserver
install -d /usr/local/include/turn
install bin/turnserver /usr/local/bin
install bin/turnadmin /usr/local/bin
install bin/turnutils_uclient /usr/local/bin
install bin/turnutils_peer /usr/local/bin
install bin/turnutils_stunclient /usr/local/bin
install bin/turnutils_oauth /usr/local/bin
install bin/turnutils_natdiscovery /usr/local/bin
install man/man1/turnserver.1 /usr/local/man/man1/
install man/man1/turnadmin.1 /usr/local/man/man1/
install man/man1/turnutils.1 /usr/local/man/man1/
install man/man1/turnutils_uclient.1 /usr/local/man/man1/
install man/man1/turnutils_stunclient.1 /usr/local/man/man1/
install man/man1/turnutils_oauth.1 /usr/local/man/man1/
install man/man1/turnutils_natdiscovery.1 /usr/local/man/man1/
install man/man1/turnutils_peer.1 /usr/local/man/man1/
install man/man1/coturn.1 /usr/local/man/man1/
install lib/libturnclient.a /usr/local/lib
install LICENSE /usr/local/share/doc/turnserver
install README.turnserver /usr/local/share/doc/turnserver
install README.turnadmin /usr/local/share/doc/turnserver
install README.turnutils /usr/local/share/doc/turnserver
install INSTALL /usr/local/share/doc/turnserver
install postinstall.txt /usr/local/share/doc/turnserver
install turndb/schema.sql /usr/local/share/doc/turnserver
install turndb/schema.sql /usr/local/share/turnserver
install turndb/schema.mongo.sh /usr/local/share/doc/turnserver
install turndb/schema.mongo.sh /usr/local/share/turnserver
install turndb/testredisdbsetup.sh /usr/local/share/turnserver
install turndb/testmongosetup.sh /usr/local/share/turnserver
install turndb/testsqldbsetup.sql /usr/local/share/turnserver
install turndb/schema.userdb.redis /usr/local/share/doc/turnserver
install turndb/schema.userdb.redis /usr/local/share/turnserver
install turndb/schema.stats.redis /usr/local/share/doc/turnserver
install turndb/schema.stats.redis /usr/local/share/turnserver
if [ -f sqlite/turndb ] ; then install sqlite/turndb /usr/local/var/db/turndb; fi
install examples/etc/turnserver.conf /usr/local/etc/turnserver.conf.default
cp -rpf examples/etc /usr/local/share/examples/turnserver
cp -rpf examples/scripts /usr/local/share/examples/turnserver
rm -rf /usr/local/share/examples/turnserver/scripts/rfc5769.sh
cp -rpf include/turn/client /usr/local/include/turn
install include/turn/ns_turn_defs.h /usr/local/include/turn
cat /usr/local/share/doc/turnserver/postinstall.txt
==================================================================
1) If your system supports automatic start-up system daemon services,
then to enable the turnserver as a system service that is automatically
started, you have to:
a) Create and edit /etc/turnserver.conf or
/usr/local/etc/turnserver.conf .
Use /usr/local/etc/turnserver.conf.default as an example.
b) For user accounts settings: set up SQLite or PostgreSQL or
MySQL or MongoDB or Redis database for user accounts.
Use /usr/local/share/turnserver/schema.sql as SQL database schema,
or use /usr/local/share/turnserver/schema.userdb.redis as Redis
database schema description and/or
/usr/local/share/turnserver/schema.stats.redis
as Redis status & statistics database schema description.
If you are using SQLite, the default database location is in
/var/db/turndb or in /usr/local/var/db/turndb or in /var/lib/turn/turndb
c) add whatever is necessary to enable start-up daemon for the
/usr/local/bin/turnserver.
2) If you do not want the turnserver to be a system service,
then you can start/stop it "manually", using the "turnserver"
executable with appropriate options (see the documentation).
3) To create database schema, use schema in file
/usr/local/share/turnserver/schema.sql.
4) For additional information, run:
$ man turnserver
$ man turnadmin
$ man turnutils
==================================================================
Configure coturn (key step)
$ cd /usr/local/etc
$ cp turnserver.conf.default turnserver.conf
$ openssl req -x509 -newkey rsa:2048 -keyout turn_server_pkey.pem -out turn_server_cert.pem -days 99999 -nodes
$ ifconfig -a
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.115 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::5632:dfa1:378e:7570 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:6c:a8:71 txqueuelen 1000 (Ethernet)
RX packets 5037 bytes 6248464 (6.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2856 bytes 226651 (226.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1137 bytes 93030 (93.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1137 bytes 93030 (93.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Configuration without a database, [configuration reference]
$ sudo vim turnserver.conf
# Must match the interface name reported by ifconfig above
relay-device=ens33
# Internal (LAN) IP
listening-ip=192.168.0.115
listening-port=3478
tls-listening-port=5349
relay-ip=192.168.0.115
# Public IP
external-ip=192.168.0.115
relay-threads=10
lt-cred-mech
cert=/usr/local/etc/turn_server_cert.pem
pkey=/usr/local/etc/turn_server_pkey.pem
pidfile="/var/run/turnserver.pid"
min-port=49152
max-port=65535
# Username and password, used when creating the IceServer
user=test:123456
cli-password=123456
$ sudo turnserver -o -a -f -v -user=test:123456 -r MYTest
0: log file opened: /var/log/turn_38651_2021-08-03.log
0: Listener address to use: 127.0.0.1
0: Relay address to use: 127.0.0.1
0: Config file found: /usr/local/etc/turnserver.conf
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 1048576
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.1j 16 Feb 2021 (0x101010af)
0:
0: SQLite supported, default database location is /usr/local/var/db/turndb
0: Redis is not supported
0: PostgreSQL is not supported
0: MySQL is not supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Domain name:
0: Default realm: MyTest
0: SSL23: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: SSL23: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.0: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.1: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: DTLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: DTLS cipher suite: DEFAULT
$ ps -ef|grep turnserve
root 100411 turnserver -o -a -f -v -user=test:123456 -r MYTest
$ sudo lsof -i :3478
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
turnserve 100411 root 13u IPv4 331035 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 21u IPv4 331040 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 29u IPv4 331045 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 37u IPv4 331050 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 45u IPv4 331055 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 53u IPv4 331060 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 61u IPv4 331065 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 69u IPv4 331070 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 77u IPv4 331075 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 84u IPv4 330096 0t0 UDP localhost:3478
turnserve 100411 root 86u IPv4 330097 0t0 UDP localhost:3478
turnserve 100411 root 87u IPv4 330098 0t0 UDP localhost:3478
turnserve 100411 root 88u IPv4 331080 0t0 TCP localhost:3478 (LISTEN)
turnserve 100411 root 91u IPv4 330099 0t0 UDP localhost:3478
turnserve 100411 root 92u IPv4 330100 0t0 UDP localhost:3478
turnserve 100411 root 93u IPv4 330101 0t0 UDP localhost:3478
turnserve 100411 root 94u IPv4 330102 0t0 UDP localhost:3478
turnserve 100411 root 95u IPv4 330103 0t0 UDP localhost:3478
turnserve 100411 root 96u IPv4 330104 0t0 UDP localhost:3478
turnserve 100411 root 97u IPv4 330105 0t0 UDP localhost:3478
If the output lists the listening port, the server has started successfully.
Configuration with SQLite, [configuration reference]
$ sudo turnadmin -a -u test -p 123456 -r demo
$ sudo vim turnserver.conf
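# Listening port
listening-port=3478
# Network interface to listen on
listening-device=ens33
# Public IP
external-ip=192.168.0.115
# username:password
user=test:123456
# Usually the same as the realm given when the user was created with turnadmin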
realm=demo
cli-password=123456
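Both turnserver.conf files on this page reuse the same short password for user= and cli-password=, and set external-ip to a LAN address. The following added example (not part of the original post or of coturn) audits a turnserver.conf for those settings and two others worth changing before the server is reachable from the internet. Assumptions made here: the finding names, the 16-character threshold, the placeholder IP and secret in the hardened sample, and that the option names are those of coturn 4.5.1.1.

```python
import ipaddress
# Directives copied from the page's no-database turnserver.conf.
PAGE_CONF = """\
external-ip=192.168.0.115
lt-cred-mech
cert=/usr/local/etc/turn_server_cert.pem
user=test:123456
cli-password=123456
"""
# Constructed hardened variant (assumption): IP and secret are placeholders.
HARDENED_CONF = """\
external-ip=203.0.113.10/192.168.0.115
use-auth-secret
static-auth-secret=REPLACE_WITH_A_LONG_RANDOM_SECRET
cert=/usr/local/etc/turn_server_cert.pem
no-cli
no-tlsv1
no-tlsv1_1
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Return {option: [values]}; bare flags such as lt-cred-mech map to ['']."""
    opts = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return opts

def audit(text, min_len=16):
    """Return sorted finding codes for one turnserver.conf."""
    opts, found = parse_conf(text), set()
    # Static long-term credentials end up in every client's ICE configuration.
    if any(len(u.partition(":")[2]) < min_len for u in opts.get("user", [])):
        found.add("weak-static-user-password")
    if "no-cli" not in opts and any(len(p) < min_len for p in opts.get("cli-password", [])):
        found.add("weak-cli-password")
    for value in opts.get("external-ip", []):  # value is public[/private]
        if any(ipaddress.ip_address(value.split("/")[0]) in n for n in RFC1918):
            found.add("external-ip-is-private")
    if "cert" in opts and not {"no-tlsv1", "no-tlsv1_1"} <= set(opts):
        found.add("legacy-tls-enabled")  # TLS 1.0/1.1 contexts stay active
    if "denied-peer-ip" not in opts:
        found.add("private-peers-not-denied")  # relay may reach internal ranges
    return sorted(found)
```

`audit(PAGE_CONF)` returns all five findings and `audit(HARDENED_CONF)` returns an empty list.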
$ sudo turnserver -o -a -f -user=test:123456 -v -r demo
0: log file opened: /var/log/turn_99525_2021-08-04.log
0: Config file found: /usr/local/etc/turnserver.conf
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 1048576
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.1j 16 Feb 2021 (0x101010af)
0:
0: SQLite supported, default database location is /usr/local/var/db/turndb
0: Redis is not supported
0: PostgreSQL is not supported
0: MySQL is not supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Domain name:
0: Default realm: demo
0: Config file found: /usr/local/etc/turn_server_cert.pem
0: Config file found: /usr/local/etc/turn_server_pkey.pem
0: SSL23: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: SSL23: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.0: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.1: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: DTLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 192.168.0.115
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 192.168.0.115
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
$ ps -ef|grep turnserve
root 100608 turnserver -o -a -f -user=test:123456 -v -r demo
$ sudo lsof -i :3478
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
turnserve 100608 root 13u IPv4 330422 0t0 TCP localhost:3478 (LISTEN)
turnserve 100608 root 17u IPv4 330426 0t0 TCP ubuntu:3478 (LISTEN)
turnserve 100608 root 27u IPv4 333118 0t0 UDP localhost:3478
turnserve 100608 root 28u IPv4 330433 0t0 TCP localhost:3478 (LISTEN)
turnserve 100608 root 29u IPv4 333119 0t0 UDP localhost:3478
turnserve 100608 root 34u IPv4 333122 0t0 UDP ubuntu:3478
turnserve 100608 root 36u IPv4 333123 0t0 UDP ubuntu:3478
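turnserve 100608 root 38u IPv4 330437 0t0 TCP ubuntu:3478 (LISTEN)
Testing
The test tool provided by webrtc-samples
Test environment:
- The coturn service runs on a VMware virtual machine with a "bridged network adapter"; its network segment is 192.168.0.1, the same as the host.
- ICE was tested from a VMware virtual machine with a "NAT network adapter"; its network segment is 192.168.58.123, which amounts to a small LAN. The result is shown in the figure:
The test did not show the relay path; only the local network was detected. coturn still has to be deployed on a server with a public IP. When deploying to a cloud server, remember to open port 3478 for both UDP and TCP.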
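To read a result like the one above without the screenshot, the added example below (not from the original post or from webrtc-samples) parses ICE candidate lines and reports which of the three connection steps from the introduction produced a candidate. The sample lines are constructed: the addresses reuse the lab subnets mentioned here, while the foundations, priorities, ports and the 192.168.0.100 address are made up.

```python
# Constructed samples in the SDP "candidate:" attribute format.
ONLY_HOST = ["candidate:1 1 udp 2122260223 192.168.58.123 51000 typ host"]
WITH_RELAY = ONLY_HOST + [
    "candidate:2 1 udp 1686052607 192.168.0.100 51000 typ srflx "
    "raddr 192.168.58.123 rport 51000",
    "a=candidate:3 1 udp 41885439 192.168.0.115 49160 typ relay "
    "raddr 192.168.0.100 rport 51000",
]

def parse_candidate(line):
    """Parse one candidate line into a dict; raise ValueError if malformed."""
    body = line.strip()
    if body.startswith("a="):          # full SDP attribute form
        body = body[2:]
    if not body.startswith("candidate:"):
        raise ValueError("not a candidate line")
    f = body[len("candidate:"):].split()
    if len(f) < 8 or f[6] != "typ":
        raise ValueError("truncated candidate")
    cand = {
        "foundation": f[0], "component": int(f[1]), "transport": f[2].lower(),
        "priority": int(f[3]), "address": f[4], "port": int(f[5]), "type": f[7],
    }
    # Remaining fields are name/value pairs such as raddr, rport, tcptype.
    ext = f[8:]
    cand.update(zip(ext[0::2], ext[1::2]))
    return cand

def summarize(lines):
    """Map the three connection steps to whether a matching candidate exists."""
    cands = [parse_candidate(l) for l in lines]
    types = {c["type"] for c in cands}
    return {
        "direct": "host" in types,     # local interface address
        "stun": "srflx" in types,      # address learned from a STUN binding
        "turn": "relay" in types,      # address allocated on the TURN server
        "relay_addresses": sorted(c["address"] for c in cands if c["type"] == "relay"),
    }
```

A `relay` candidate only appears after the TURN server has accepted the credentials and allocated a port, so `summarize(...)["turn"]` is the field to check once coturn is on a public address.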