WebRTC 服务器搭建 局域网 Ubuntu16.04

webrtc服务器搭建:(参考文献)

基于外网:

https://www.jianshu.com/p/5431a7066f47

http://linxunfeng.top/2018/06/07/AppRTC%E5%AE%9E%E6%88%98/

https://blog.csdn.net/china_jeffery/article/details/80092309

https://blog.csdn.net/gladsnow/article/details/77900578

https://www.jianshu.com/p/7fd28c26a2cb

基于局域网:

https://blog.csdn.net/gladsnow/article/details/77900333

https://blog.csdn.net/s569646547/article/details/50780682

https://blog.csdn.net/lamb7758/article/details/77045735

操作系统:Ubuntu 16.04 

IP地址:局域网 192.168.6.54

1、webrtc_apprtc搭建:

sudo apt-get install npm

npm -g install grunt-cli

下载Google App Engine SDK for Python并解压,编辑

sudo vim /etc/profile

export PATH="$PATH:/home/parallels/webrtc/google_appengine/"

source /etc/profile

wget https://nodejs.org/dist/v7.7.0/node-v7.7.0-linux-x64.tar.gztar xvf node-v7.7.0-linux-x64.tar.gz

sudo vim /etc/profile

export PATH=$PATH:$HOME/node-v5.9.0-sunos-x64/bin

source /etc/profile

git clone https://github.com/webrtc/apprtc

cd apprtc

npm install

grunt build

主要是src/app_engine目录下的apprtc.py和constants.py文件。对于src/app_engine目录下的文件每次修改后需执行命令grunt build重新编译,也可以直接编辑out/app_engine目录下的apprtc.py和constants.py避免重新编译。

1.修改/root/apprtc/src/app_engine/constants.py:

# 这部分为 添加

TURN_BASE_URL = 'http://192.168.6.54:80'; #本机内网地址192.168.6.54,此处的端口号与Nginx监听的端口号保持一致

        TURN_URL_TEMPLATE = '%s/turn.php?username=%s&key=%s'; #如果turn.php未实现,可使用默认配置

        CEOD_KEY = 'yangjiangang'  #此处后面turn配置的用户名保持一致

        ICE_SERVER_BASE_URL = 'http://192.168.6.54:80';#此处的端口号与Nginx监听的端口号保持一致

        ICE_SERVER_URL_TEMPLATE = '%s/iceconfig.php?key=%s'; #如果iceconfig.php未实现,可用默认配置,但是Android Apk会有问题

ICE_SERVER_API_KEY = os.environ.get('ICE_SERVER_API_KEY')

        WSS_INSTANCE_HOST_KEY = '192.168.6.54:8089'  #信令服务器端口号8089 

        WSS_INSTANCE_NAME_KEY = 'vm_name'

        WSS_INSTANCE_ZONE_KEY = 'zone'

        WSS_INSTANCES = [{

        WSS_INSTANCE_HOST_KEY: '192.168.6.54:8089',

        WSS_INSTANCE_NAME_KEY: 'wsserver-std',

        WSS_INSTANCE_ZONE_KEY: 'us-central1-a' 

        }, { 

        WSS_INSTANCE_HOST_KEY: '192.168.6.54:8089',

        WSS_INSTANCE_NAME_KEY: 'wsserver-std-2',

        WSS_INSTANCE_ZONE_KEY: 'us-central1-f'

        }]

2.修改/root/apprtc/src/app_engine/apprtc.py(若使用https,则不需修改此文件)

if wss_tls and wss_tls == 'false':

      wss_url = 'ws://' + wss_host_port_pair + '/ws'

          wss_post_url = 'http://' + wss_host_port_pair

        else:

                  wss_url = 'ws://' + wss_host_port_pair + '/ws'

          wss_post_url = 'http://' + wss_host_port_pair

把原来的wss和https的scheme都改为ws和http,不要让客户端或者浏览器去使用SSL链接。若有第三方根证书的签名机构颁发的证书可忽略。

修改完后重新执行

grunt build

运行房间服务器(room server):

在目录/root/google_appengine目录下找到dev_appserver.py脚本,执行以下语句

./dev_appserver.py --host=192.168.6.54 /root/apprtc/out/app_engine

若想后台运行,则执行 

nohup ./dev_appserver.py --host=192.168.6.54 /root/apprtc/out/app_engine &

在浏览器中访问房间服务器

http://192.168.6.54:8080

2、webrtc_collider搭建:

配置编译环境

wget https://storage.googleapis.com/golang/go1.6.3.linux-amd64.tar.gztar xvf go1.6.3.linux-amd64.tar.gz

sudo vim /etc/profile

export GOROOT=/home/parallels/webrtc/go

export GOPATH=/home/parallels/webrtc/collider

export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

source /etc/profile

拷贝collider源码

mkdir -p collider/src

cp -rf apprtc/src/collider/* /collider/src

修改房间服务器的地址

sudo vim ./collider/src/collidermain/main.go

varroomSrv=flag.String("room-server","http://192.168.6.54:8080","The origin of the room server")

编译信令服务器

进入目录 collider/src/

go get collidermain

go install collidermain

编译成功后,在collider目录下会生成bin 

运行信令服务器

进入/collider/bin/目录,运行信令服务器

./collidermain -port=8089 -tls=false

若想后台运行,则执行

nohup ./collidermain -port=8089 -tls=false &

3、webrtc_turn搭建:

sudo apt-get install libssl-devsudo apt-get install libevent-dev

git clone https://github.com/coturn/coturn.gitcd coturn

configure && make && make install

which turnserver查看是否成功

sudo cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf

注意:/usr/local/etc/turnserver.conf才是配置文件! 

/usr/local/etc/turnserver.conf.default并不是配置文件!

生成md5码:turnadmin -k –u 用户名 -r 地区 -p 密码 

turnadmin -k -u yangjiangang -r beijing -p 12345678

0x461c0b00c9fd030d2f3659806c8db557

一定要把md5码记录下来,下面需要用到的。

生成证书,该过程需要你填写一些信息自己看着填吧!随便写

parallels@parallels-vm:~$sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes

Generating a 2048 bit RSA private key

..........+++

.......................................+++

writing new private key to '/etc/turn_server_pkey.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:beijing

Locality Name (eg, city) []:beijing

Organization Name (eg, company) [Internet Widgits Pty Ltd]:wenlu

Organizational Unit Name (eg, section) []:wenlu

Common Name (e.g. server FQDN or YOUR name) []:yangjiangang

Email Address []:[email protected]

创建turnuserdb.conf文件 ,在其中填入之前生成的用户名和key (md5码) 

sudo vi /etc/turnserdb.conf

yangjiangang:0x461c0b00c9fd030d2f3659806c8db557

sudo gedit /usr/local/etc/turnserver.conf

listening-device=eth0

relay-device=eth0

listening-ip=10.211.55.15

listening-port=3478

tls-listening-port=5349

relay-ip=10.211.55.15

external-ip=10.211.55.15

relay-threads=50

lt-cred-mech

static-auth-secret=yangjiangang

user=yangjiangang:0x461c0b00c9fd030d2f3659806c8db557

userdb=/etc/turnuserdb.conf

#max-bps=102400

pidfile="/var/run/turnserver.pid"

no-loopback-peers

no-multicast-peers

sha256

mobility

no-cli

cert=/etc/turn_server_cert.pem

pkey=/etc/turn_server_pkey.pem

stale-nonce

use-auth-secret

Verbose

fingerprint

sudo turnserver -L 10.211.55.15 -o -a -b /etc/turnserdb.conf -f -r yangjiangang

service coturn start

在浏览器上输入http://10.211.55.15:3478

WebRTC 服务器搭建 局域网 Ubuntu16.04_第1张图片

这样穿透就搭建成功了!

4、配置nginx:

apt-get install nginx

apt-get install php

apt-get install php7.0-fpm

sudo vim /etc/nginx/sites-available/default

        upstream roomserver {

            server 192.168.6.54:8080;

        }

        server {

            #listen 80 default_server;

            #listen [::]:80 default_server;

            listen 80;

            # SSL configuration

            #

            # listen 443 ssl default_server;

            # listen [::]:443 ssl default_server;

            #

            # Note: You should disable gzip for SSL traffic.

            # See: https://bugs.debian.org/773332

            #

            # Read up on ssl_ciphers to ensure a secure configuration.

            # See: https://bugs.debian.org/765782

            #

            # Self signed certs generated by the ssl-cert package

            # Don't use them in a production server!

            #

            # include snippets/snakeoil.conf;

            root /var/www/html;

            # Add index.php to the list if you are using PHP

            index index.html index.htm index.nginx-debian.html index.php; #此处添加index.php

            server_name _;

            #  location / {

                # First attempt to serve request as file, then

                # as directory, then fall back to displaying a 404.

                #  try_files $uri $uri/ =404;

            #  }

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

            #

            location ~ \.php$ {

                include snippets/fastcgi-php.conf;

                # With php7.0-cgi alone:

                #  fastcgi_pass 127.0.0.1:9000;

                # With php7.0-fpm:

                fastcgi_pass unix:/run/php/php7.0-fpm.sock;

            }

            location / {

                proxy_pass http://roomserver$request_uri;

                proxy_set_header Host $host;

            }

            # deny access to .htaccess files, if Apache's document root

            # concurs with nginx's one

            #

            #location ~ /\.ht {

                #  deny all;

            #}

        }

编写turn.php文件和iceconfig.php文件,并把文件放到目录/var/www/html/目录下

turn.php文件内容:

            $request_username = $_GET["username"]; 

            if(empty($request_username)) { 

                echo "username == null"; 

                exit; 

            } 

            $request_key = $_GET["key"]; 

            $time_to_live = 600; 

            $timestamp = time() + $time_to_live;//失效时间 

            $response_username = $timestamp.":".$_GET["username"]; 

            $response_key = $request_key; 

            if(empty($response_key)) 

            $response_key = "code_key"; //constants.py中CEOD_KEY 

            $response_password = getSignature($response_username, $response_key); 

            $jsonObj = new Response(); 

            $jsonObj->username = $response_username; 

            $jsonObj->password = $response_password; 

            $jsonObj->ttl = 86400;

            //此处需配置自己的服务器

            $jsonObj->uris= array("stun:192.168.6.54:3478","turn:192.168.6.54:3478?transport=udp","turn:192.168.6.54:3478?transport=tcp");

            echo json_encode($jsonObj); 

        /** 

        * 使用HMAC-SHA1算法生成签名值 

        * 

        * @param $str 源串 

        * @param $key 密钥 

        * 

        * @return 签名值 

        */

        function getSignature($str, $key) {

        $signature = "";

        if (function_exists('hash_hmac')) {

        $signature = base64_encode(hash_hmac("sha1", $str, $key, true));

        } else {

        $blocksize = 64;

        $hashfunc = 'sha1';

        if (strlen($key) > $blocksize) {

        $key = pack('H*', $hashfunc($key));

        }

        $key = str_pad($key, $blocksize, chr(0x00));

        $ipad = str_repeat(chr(0x36), $blocksize);

        $opad = str_repeat(chr(0x5c), $blocksize);

        $hmac = pack(

        'H*', $hashfunc(

        ($key ^ $opad) . pack(

        'H*', $hashfunc(

        ($key ^ $ipad) . $str

        )

        )

        )

        );

        $signature = base64_encode($hmac);

        }

            return $signature;

            }

            class Response { 

                public $username = ""; 

                public $password = ""; 

                public $ttl = ""; 

                public $uris = array(""); 

            } 

        ?>

iceconfig.php文件内容:

            $request_username = "inesadt";  //配置成自己的turn服务器用户名

            if(empty($request_username)) { 

                echo "username == null"; 

                exit; 

            } 

            $request_key = "inesadt";  //配置成自己的turn服务器密码

            $time_to_live = 600; 

            $timestamp = time() + $time_to_live;//失效时间 

            $response_username = $timestamp.":".$_GET["username"]; 

            $response_key = $request_key; 

            if(empty($response_key)) 

            $response_key = "CEOD_KEY";//constants.py中CEOD_KEY 

            $response_password = getSignature($response_username, $response_key); 

            $arrayObj = array();

            $arrayObj[0]['username'] = $response_username;

            $arrayObj[0]['credential'] = $response_password;

            //配置成自己的stun/turn服务器

            $arrayObj[0]['urls'][0] = "stun:192.168.6.54:3478";

            $arrayObj[0]['urls'][1] = "turn:192.168.6.54:3478?transport=tcp";

            $arrayObj[0]['uris'][0] = "stun:192.168.6.54:3478";

            $arrayObj[0]['uris'][1] = "turn:192.168.6.54:3478?transport=tcp";

            $jsonObj = new Response(); 

            $jsonObj->lifetimeDuration = "300.000s";

            $jsonObj->iceServers = $arrayObj;

            echo json_encode($jsonObj); 

            /** 

            * 使用HMAC-SHA1算法生成签名值 

            * 

            * @param $str 源串 

            * @param $key 密钥 

            * 

            * @return 签名值 

            */

            function getSignature($str, $key) {

                $signature = "";

                if (function_exists('hash_hmac')) {

                    $signature = base64_encode(hash_hmac("sha1", $str, $key, true));

                } else {

                    $blocksize = 64;

                    hashfunc = 'sha1';

                    if (strlen($key) > $blocksize) {

                        $key = pack('H*', $hashfunc($key));

                    }

                    $key = str_pad($key, $blocksize, chr(0x00));

                    $ipad = str_repeat(chr(0x36), $blocksize);

                    $opad = str_repeat(chr(0x5c), $blocksize);

                    $hmac = pack(   

                    'H*', $hashfunc(   

                            ($key ^ $opad) . pack(   

                                    'H*', $hashfunc(   

                                            ($key ^ $ipad) . $str   

                                  )   

                            )   

                        )   

                    );

                    $signature = base64_encode($hmac);

                }

                return $signature;

          }

            class Response {

                    public $lifetimeDuration = "";

                    public $iceServers = array("");

            }

        ?>

注:关于turn.php和iceconfig.php文件实现的必要性,如果是http局域网,即使不实现这两个文件,在浏览器之间也可实现视频通信,但是如果使用Google的Android apk作为客户端,则可能会存在问题。经过测试,实现iceconfig.php即可,turn.php文件可不实现。

重启Nginx服务器和php7.0-fpm

service nginx restart

service php7.0-fpm restart

你可能感兴趣的:(WebRTC 服务器搭建 局域网 Ubuntu16.04)