webrtc服务器搭建:(参考文献)
基于外网:
https://www.jianshu.com/p/5431a7066f47
http://linxunfeng.top/2018/06/07/AppRTC%E5%AE%9E%E6%88%98/
https://blog.csdn.net/china_jeffery/article/details/80092309
https://blog.csdn.net/gladsnow/article/details/77900578
https://www.jianshu.com/p/7fd28c26a2cb
基于局域网:
https://blog.csdn.net/gladsnow/article/details/77900333
https://blog.csdn.net/s569646547/article/details/50780682
https://blog.csdn.net/lamb7758/article/details/77045735
操作系统:Ubuntu 16.04
IP地址:局域网 192.168.6.54
1、webrtc_apprtc搭建:
sudo apt-get install npm
npm -g install grunt-cli
下载Google App Engine SDK for Python并解压,编辑
sudo vim /etc/profile
export PATH="$PATH:/home/parallels/webrtc/google_appengine/"
source /etc/profile
wget https://nodejs.org/dist/v7.7.0/node-v7.7.0-linux-x64.tar.gztar xvf node-v7.7.0-linux-x64.tar.gz
sudo vim /etc/profile
export PATH=$PATH:$HOME/node-v5.9.0-sunos-x64/bin
source /etc/profile
git clone https://github.com/webrtc/apprtc
cd apprtc
npm install
grunt build
主要是src/app_engine目录下的apprtc.py和constants.py文件。对于src/app_engine目录下的文件每次修改后需执行命令grunt build重新编译,也可以直接编辑out/app_engine目录下的apprtc.py和constants.py避免重新编译。
1.修改/root/apprtc/src/app_engine/constants.py:
# 这部分为 添加
TURN_BASE_URL = 'http://192.168.6.54:80'; #本机内网地址192.168.6.54,此处的端口号与Nginx监听的端口号保持一致
TURN_URL_TEMPLATE = '%s/turn.php?username=%s&key=%s'; #如果turn.php未实现,可使用默认配置
CEOD_KEY = 'yangjiangang' #此处后面turn配置的用户名保持一致
ICE_SERVER_BASE_URL = 'http://192.168.6.54:80';#此处的端口号与Nginx监听的端口号保持一致
ICE_SERVER_URL_TEMPLATE = '%s/iceconfig.php?key=%s'; #如果iceconfig.php未实现,可用默认配置,但是Android Apk会有问题
ICE_SERVER_API_KEY = os.environ.get('ICE_SERVER_API_KEY')
WSS_INSTANCE_HOST_KEY = '192.168.6.54:8089' #信令服务器端口号8089
WSS_INSTANCE_NAME_KEY = 'vm_name'
WSS_INSTANCE_ZONE_KEY = 'zone'
WSS_INSTANCES = [{
WSS_INSTANCE_HOST_KEY: '192.168.6.54:8089',
WSS_INSTANCE_NAME_KEY: 'wsserver-std',
WSS_INSTANCE_ZONE_KEY: 'us-central1-a'
}, {
WSS_INSTANCE_HOST_KEY: '192.168.6.54:8089',
WSS_INSTANCE_NAME_KEY: 'wsserver-std-2',
WSS_INSTANCE_ZONE_KEY: 'us-central1-f'
}]
2.修改/root/apprtc/src/app_engine/apprtc.py(若使用https,则不需修改此文件)
if wss_tls and wss_tls == 'false':
wss_url = 'ws://' + wss_host_port_pair + '/ws'
wss_post_url = 'http://' + wss_host_port_pair
else:
wss_url = 'ws://' + wss_host_port_pair + '/ws'
wss_post_url = 'http://' + wss_host_port_pair
把原来的wss和https的scheme都改为ws和http,不要让客户端或者浏览器去使用SSL链接。若有第三方根证书的签名机构颁发的证书可忽略。
修改完后重新执行
grunt build
运行房间服务器(room server):
在目录/root/google_appengine目录下找到dev_appserver.py脚本,执行以下语句
./dev_appserver.py --host=192.168.6.54 /root/apprtc/out/app_engine
若想后台运行,则执行
nohup ./dev_appserver.py --host=192.168.6.54 /root/apprtc/out/app_engine &
在浏览器中访问房间服务器
http://192.168.6.54:8080
2、webrtc_collider搭建:
配置编译环境
wget https://storage.googleapis.com/golang/go1.6.3.linux-amd64.tar.gztar xvf go1.6.3.linux-amd64.tar.gz
sudo vim /etc/profile
export GOROOT=/home/parallels/webrtc/go
export GOPATH=/home/parallels/webrtc/collider
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
source /etc/profile
拷贝collider源码
mkdir -p collider/src
cp -rf apprtc/src/collider/* /collider/src
修改房间服务器的地址
sudo vim ./collider/src/collidermain/main.go
varroomSrv=flag.String("room-server","http://192.168.6.54:8080","The origin of the room server")
编译信令服务器
进入目录 collider/src/
go get collidermain
go install collidermain
编译成功后,在collider目录下会生成bin
运行信令服务器
进入/collider/bin/目录,运行信令服务器
./collidermain -port=8089 -tls=false
若想后台运行,则执行
nohup ./collidermain -port=8089 -tls=false &
3、webrtc_turn搭建:
sudo apt-get install libssl-devsudo apt-get install libevent-dev
git clone https://github.com/coturn/coturn.gitcd coturn
configure && make && make install
which turnserver查看是否成功
sudo cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf
注意:/usr/local/etc/turnserver.conf才是配置文件!
/usr/local/etc/turnserver.conf.default并不是配置文件!
生成md5码:turnadmin -k –u 用户名 -r 地区 -p 密码
turnadmin -k -u yangjiangang -r beijing -p 12345678
0x461c0b00c9fd030d2f3659806c8db557
一定要把md5码记录下来,下面需要用到的。
生成证书,该过程需要你填写一些信息自己看着填吧!随便写
parallels@parallels-vm:~$sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes
Generating a 2048 bit RSA private key
..........+++
.......................................+++
writing new private key to '/etc/turn_server_pkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:wenlu
Organizational Unit Name (eg, section) []:wenlu
Common Name (e.g. server FQDN or YOUR name) []:yangjiangang
Email Address []:[email protected]
创建turnuserdb.conf文件 ,在其中填入之前生成的用户名和key (md5码)
sudo vi /etc/turnserdb.conf
yangjiangang:0x461c0b00c9fd030d2f3659806c8db557
sudo gedit /usr/local/etc/turnserver.conf
listening-device=eth0
relay-device=eth0
listening-ip=10.211.55.15
listening-port=3478
tls-listening-port=5349
relay-ip=10.211.55.15
external-ip=10.211.55.15
relay-threads=50
lt-cred-mech
static-auth-secret=yangjiangang
user=yangjiangang:0x461c0b00c9fd030d2f3659806c8db557
userdb=/etc/turnuserdb.conf
#max-bps=102400
pidfile="/var/run/turnserver.pid"
no-loopback-peers
no-multicast-peers
sha256
mobility
no-cli
cert=/etc/turn_server_cert.pem
pkey=/etc/turn_server_pkey.pem
stale-nonce
use-auth-secret
Verbose
fingerprint
sudo turnserver -L 10.211.55.15 -o -a -b /etc/turnserdb.conf -f -r yangjiangang
service coturn start
在浏览器上输入http://10.211.55.15:3478
这样穿透就搭建成功了!
4、配置nginx:
apt-get install nginx
apt-get install php
apt-get install php7.0-fpm
sudo vim /etc/nginx/sites-available/default
upstream roomserver {
server 192.168.6.54:8080;
}
server {
#listen 80 default_server;
#listen [::]:80 default_server;
listen 80;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php; #此处添加index.php
server_name _;
# location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
# }
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location / {
proxy_pass http://roomserver$request_uri;
proxy_set_header Host $host;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
编写turn.php文件和iceconfig.php文件,并把文件放到目录/var/www/html/目录下
turn.php文件内容:
$request_username = $_GET["username"];
if(empty($request_username)) {
echo "username == null";
exit;
}
$request_key = $_GET["key"];
$time_to_live = 600;
$timestamp = time() + $time_to_live;//失效时间
$response_username = $timestamp.":".$_GET["username"];
$response_key = $request_key;
if(empty($response_key))
$response_key = "code_key"; //constants.py中CEOD_KEY
$response_password = getSignature($response_username, $response_key);
$jsonObj = new Response();
$jsonObj->username = $response_username;
$jsonObj->password = $response_password;
$jsonObj->ttl = 86400;
//此处需配置自己的服务器
$jsonObj->uris= array("stun:192.168.6.54:3478","turn:192.168.6.54:3478?transport=udp","turn:192.168.6.54:3478?transport=tcp");
echo json_encode($jsonObj);
/**
* 使用HMAC-SHA1算法生成签名值
*
* @param $str 源串
* @param $key 密钥
*
* @return 签名值
*/
function getSignature($str, $key) {
$signature = "";
if (function_exists('hash_hmac')) {
$signature = base64_encode(hash_hmac("sha1", $str, $key, true));
} else {
$blocksize = 64;
$hashfunc = 'sha1';
if (strlen($key) > $blocksize) {
$key = pack('H*', $hashfunc($key));
}
$key = str_pad($key, $blocksize, chr(0x00));
$ipad = str_repeat(chr(0x36), $blocksize);
$opad = str_repeat(chr(0x5c), $blocksize);
$hmac = pack(
'H*', $hashfunc(
($key ^ $opad) . pack(
'H*', $hashfunc(
($key ^ $ipad) . $str
)
)
)
);
$signature = base64_encode($hmac);
}
return $signature;
}
class Response {
public $username = "";
public $password = "";
public $ttl = "";
public $uris = array("");
}
?>
iceconfig.php文件内容:
$request_username = "inesadt"; //配置成自己的turn服务器用户名
if(empty($request_username)) {
echo "username == null";
exit;
}
$request_key = "inesadt"; //配置成自己的turn服务器密码
$time_to_live = 600;
$timestamp = time() + $time_to_live;//失效时间
$response_username = $timestamp.":".$_GET["username"];
$response_key = $request_key;
if(empty($response_key))
$response_key = "CEOD_KEY";//constants.py中CEOD_KEY
$response_password = getSignature($response_username, $response_key);
$arrayObj = array();
$arrayObj[0]['username'] = $response_username;
$arrayObj[0]['credential'] = $response_password;
//配置成自己的stun/turn服务器
$arrayObj[0]['urls'][0] = "stun:192.168.6.54:3478";
$arrayObj[0]['urls'][1] = "turn:192.168.6.54:3478?transport=tcp";
$arrayObj[0]['uris'][0] = "stun:192.168.6.54:3478";
$arrayObj[0]['uris'][1] = "turn:192.168.6.54:3478?transport=tcp";
$jsonObj = new Response();
$jsonObj->lifetimeDuration = "300.000s";
$jsonObj->iceServers = $arrayObj;
echo json_encode($jsonObj);
/**
* 使用HMAC-SHA1算法生成签名值
*
* @param $str 源串
* @param $key 密钥
*
* @return 签名值
*/
function getSignature($str, $key) {
$signature = "";
if (function_exists('hash_hmac')) {
$signature = base64_encode(hash_hmac("sha1", $str, $key, true));
} else {
$blocksize = 64;
hashfunc = 'sha1';
if (strlen($key) > $blocksize) {
$key = pack('H*', $hashfunc($key));
}
$key = str_pad($key, $blocksize, chr(0x00));
$ipad = str_repeat(chr(0x36), $blocksize);
$opad = str_repeat(chr(0x5c), $blocksize);
$hmac = pack(
'H*', $hashfunc(
($key ^ $opad) . pack(
'H*', $hashfunc(
($key ^ $ipad) . $str
)
)
)
);
$signature = base64_encode($hmac);
}
return $signature;
}
class Response {
public $lifetimeDuration = "";
public $iceServers = array("");
}
?>
注:关于turn.php和iceconfig.php文件实现的必要性,如果是http局域网,即使不实现这两个文件,在浏览器之间也可实现视频通信,但是如果使用Google的Android apk作为客户端,则可能会存在问题。经过测试,实现iceconfig.php即可,turn.php文件可不实现。
重启Nginx服务器和php7.0-fpm
service nginx restart
service php7.0-fpm restart