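Janus version: janus-gateway-0.11.5. Pay attention to how the Janus version corresponds to the version of each component, and make sure the versions of interdependent components match.
1. Install the dependency libraries:
Downloading the latest source code requires git. If git is not installed, install it with the following command: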
sudo apt-get install git -y
Install the Lua library:
sudo apt-get install liblua5.3-dev
Building and running the Janus server depends on a number of third-party libraries, which on Ubuntu are mainly installed through aptitude. First install aptitude:
sudo apt-get install aptitude
Then install the build dependencies with aptitude, using the following commands:
sudo aptitude install libmicrohttpd-dev libjansson-dev libnice-dev
sudo aptitude install libssl-dev libsofia-sip-ua-dev libglib2.0-dev
sudo aptitude install libopus-dev libogg-dev libcurl4-openssl-dev pkg-config f
sudo aptitude install gengetopt libtool automake libconfig-dev doxygen graphviz
sudo apt-get install cmake openssl libssl-dev -y
sudo apt-get install -y
2. Install libsrtp 2.2.0:
Download the source: https://github.com/cisco/libsrtp/releases/tag/v2.2.0
#tar -xvf v2.2.0.tar.gz
#cd libsrtp-2.2.0
#./configure --prefix=/usr --libdir=/usr/lib64 --enable-openssl
#make shared_library
#sudo make install
The "--enable-openssl" option is included here; HTTPS generally needs to be enabled.
3. Install libwebsockets:
Download the source: https://github.com/warmcat/libwebsockets/tags (version 3.2.2 is downloaded here)
#tar -xvf libwebsockets-3.2.2.tar.gz
#cd libwebsockets-3.2.2
#mkdir build
#cd build
#cmake ..
#cmake -DLWS_MAX_SMP=1 -DLWS_WITHOUT_EXTENSIONS=0 -DCMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_C_FLAGS="-fpic" ..
#make
#sudo make install
3. Install Janus:
Download the source: https://github.com/meetecho/janus-gateway (version 0.11.5 is downloaded here)
#tar -xvf janus-gateway-0.11.5.tar.gz
#cd janus-gateway-0.11.5
#./autogen.sh
#./configure --prefix=/opt/janus --enable-websockets --disable-plugin-lua --enable-rest --enable-docs
#make
#sudo make install
#sudo make configs // Run this only once; running it again overwrites the earlier configuration.
4. Start
sudo /opt/janus/bin/janus --stun-server=1.1.1.1:3478 &
5. Install and configure nginx
Install
apt-get install nginx
nginx -v // show the version
systemctl start nginx // start the service
systemctl enable nginx // start at boot
systemctl stop nginx // stop the service
Configure
#sudo vi /etc/nginx/sites-available/default
// Point the site root at the Janus demos directory
root /opt/janus/share/janus/demos;
Save and exit, then reload the configuration:
#sudo nginx -s reload
6. Enable HTTPS access
6.1 Generate a self-signed SSL certificate
#sudo mkdir /etc/nginx/cert
#sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert/app.key -out /etc/nginx/cert/app.crt
// Fill in the fields to match your own setup. Common Name is the IP of the host that uses the certificate and must be entered correctly.
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:JiangSu
Locality Name (eg, city) []:NanJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MicroSoftt Ltd
Organizational Unit Name (eg, section) []:Dept
Common Name (e.g. server FQDN or YOUR name) []:192.168.1.113
Email Address []:[email protected]
Add forward secrecy:
#sudo openssl dhparam -out /etc/nginx/cert/dhparam.pem 2048
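Chrome validates a certificate against its subjectAltName entries and ignores the Common Name, so the IP has to appear there as well. The following is an added example, not part of the original guide, that issues the same kind of self-signed certificate with and without an IP subjectAltName and checks both with openssl x509 -checkip. The function names, the -subj string and the scratch directory are assumptions, and -addext requires OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example: self-signed certificate for an IP address, with and without SAN.
# HOST_IP is the address used throughout this guide; OUT is a scratch directory
# (assumption) so nothing under /etc/nginx/cert is overwritten.
HOST_IP="192.168.1.113"
OUT="${TMPDIR:-/tmp}/janus-cert-demo"

# make_cert NAME [SAN] -> writes $OUT/NAME.key and $OUT/NAME.crt
make_cert() {
    name=$1; san=$2
    mkdir -p "$OUT" && chmod 700 "$OUT"
    set -- -x509 -nodes -days 365 -newkey rsa:2048 -subj "/C=CN/CN=$HOST_IP" \
           -keyout "$OUT/$name.key" -out "$OUT/$name.crt"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName = $san"
    fi
    openssl req "$@" 2>/dev/null
    chmod 600 "$OUT/$name.key"      # private key readable by its owner only
}

# cert_matches_ip CRT IP -> exit status 0 if the certificate is valid for IP
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

make_cert cn_only                   # IP only in Common Name, as typed at the prompts
make_cert with_san "IP:$HOST_IP"    # IP also in subjectAltName
for c in cn_only with_san; do
    if cert_matches_ip "$OUT/$c.crt" "$HOST_IP"; then
        echo "$c.crt: valid for $HOST_IP"
    else
        echo "$c.crt: NOT valid for $HOST_IP (no matching subjectAltName)"
    fi
done
```

For the real certificate, the same -addext option can be appended to the openssl req command above.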
6.2 Configure nginx to use the SSL certificate
Configure nginx so that the site is reachable over both HTTP and HTTPS, with HTTP redirected to HTTPS.
#sudo vi /etc/nginx/sites-available/default
server {
listen 80 default_server;
server_name 192.168.1.113; # can be replaced with a domain name
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/cert/app.crt;
ssl_certificate_key /etc/nginx/cert/app.key;
ssl_dhparam /etc/nginx/cert/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
...
}
Save and exit.
Reload the configuration:
#nginx -s reload
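The ssl_protocols line above still enables TLSv1 and TLSv1.1, which RFC 8996 deprecated. The following added example (not from the original guide) finds deprecated versions in active ssl_protocols directives and prints the directive reduced to TLSv1.2 and TLSv1.3. The function names and the embedded sample are assumptions, and TLSv1.3 needs nginx 1.13.0 or later built against OpenSSL 1.1.1.

```sh
#!/bin/sh
# Added example: flag deprecated protocol versions in active ssl_protocols
# directives and show the directive with only TLSv1.2/TLSv1.3 left.
# SAMPLE is a constructed copy of the server block from this guide.
SAMPLE=$(cat <<'EOF'
server {
    listen 443 ssl default_server;
    ssl_certificate /etc/nginx/cert/app.crt;
    # ssl_protocols SSLv3;   (commented out, must be ignored)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
}
EOF
)

# weak_tls_protocols: reads nginx config on stdin and prints each deprecated
# version that an uncommented ssl_protocols directive still enables.
weak_tls_protocols() {
    sed 's/#.*//' | awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    print p
            }
        }'
}

# harden_tls_protocols: same input, rewrites active ssl_protocols lines only.
harden_tls_protocols() {
    sed -E 's/^([[:space:]]*)ssl_protocols[[:space:]][^;#]*;/\1ssl_protocols TLSv1.2 TLSv1.3;/'
}

echo "deprecated versions enabled: $(printf '%s\n' "$SAMPLE" | weak_tls_protocols | tr '\n' ' ')"
printf '%s\n' "$SAMPLE" | harden_tls_protocols | grep ssl_protocols
```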
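6.3 Configure Janus to use the SSL certificate
Chrome requires sites that turn on the camera to use HTTPS, unless they are accessed only from the local machine (localhost), so HTTPS generally needs to be enabled.
Janus configuration changes
Edit the janus.transport.http.jcfg configuration file:
#sudo vi /opt/janus/etc/janus/janus.transport.http.jcfg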
general: {
#events = true
json = "indented"
base_path = "/janus" # Base path to bind to in the web server (plain HTTP only)
http = true # Whether to enable the plain HTTP interface
port = 8088 # Web server HTTP port
#interface = "eth0"
#ip = "192.168.0.1"
https = true # Whether to enable HTTPS (default=false)
secure_port = 8089 # Web server HTTPS port, if enabled
#secure_interface = "eth0"
#secure_ip = "192.168.0.1"
#acl = "127.,192.168.0."
#mhd_connection_limit = 1020
mhd_debug = true
}
………………………
admin: {
admin_base_path = "/admin"
admin_http = true # Whether to enable the plain HTTP interface
admin_port = 7088 # Admin/monitor web server HTTP port
#admin_interface = "eth0"
#admin_ip = "192.168.0.1"
admin_https = true
admin_secure_port = 7889 # Admin/monitor web server HTTPS port, if enabled
#admin_secure_interface = "eth0"
#admin_secure_ip = "192.168.0.1"
#admin_acl = "127.,192.168.0."
}
………………
certificates: {
cert_pem = "/etc/nginx/cert/app.crt"
cert_key = "/etc/nginx/cert/app.key"
#cert_pwd = "secretpassphrase"
#ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}
Edit janus.jcfg:
#sudo vi /opt/janus/etc/janus/janus.jcfg
certificates: {
cert_pem = "/etc/nginx/cert/app.crt"
cert_key = "/etc/nginx/cert/app.key"
#cert_pwd = "secretpassphrase"
#dtls_accept_selfsigned = false
#dtls_ciphers = "your-desired-openssl-ciphers"
#rsa_private_key = false
}
Edit the janus.transport.websockets.jcfg configuration file:
#sudo vi /opt/janus/etc/janus/janus.transport.websockets.jcfg
general: {
#events = true
json = "indented"
base_path = "/janus" # Base path to bind to in the web server (plain HTTP only)
http = true # Whether to enable the plain HTTP interface
port = 8088 # Web server HTTP port
#interface = "eth0"
#ip = "192.168.0.1"
https = true # Whether to enable HTTPS (default=false)
secure_port = 8089 # Web server HTTPS port, if enabled
#secure_interface = "eth0"
#secure_ip = "192.168.0.1"
#acl = "127.,192.168.0."
#mhd_connection_limit = 1020
mhd_debug = true
}
………………………
admin: {
admin_base_path = "/admin"
admin_http = true # Whether to enable the plain HTTP interface
admin_port = 7088 # Admin/monitor web server HTTP port
#admin_interface = "eth0"
#admin_ip = "192.168.0.1"
admin_https = true
admin_secure_port = 7889 # Admin/monitor web server HTTPS port, if enabled
#admin_secure_interface = "eth0"
#admin_secure_ip = "192.168.0.1"
#admin_acl = "127.,192.168.0."
}
………………
certificates: {
cert_pem = "/etc/nginx/cert/app.crt"
cert_key = "/etc/nginx/cert/app.key"
#cert_pwd = "secretpassphrase"
#ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}
After making these changes, restart Janus.
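With http = true and admin_http = true left on and acl/admin_acl commented out, the Janus API and admin API also answer in cleartext on ports 8088 and 7088 from any address. The following added example, not part of the original guide or of Janus, reports such listeners in a .jcfg file; audit_jcfg and the embedded sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report plain-HTTP listeners and missing ACLs in a Janus
# transport .jcfg. SAMPLE is a constructed excerpt of the file shown above.
SAMPLE=$(cat <<'EOF'
general: {
    http = true        # Whether to enable the plain HTTP interface
    port = 8088
    https = true
    secure_port = 8089
    #acl = "127.,192.168.0."
}
admin: {
    admin_http = true
    admin_port = 7088
    admin_https = true
    admin_secure_port = 7889
    #admin_acl = "127.,192.168.0."
}
EOF
)

# audit_jcfg: reads a .jcfg on stdin and prints one finding per section that
# still serves cleartext HTTP. Commented-out settings count as unset.
audit_jcfg() {
    awk '
        /^[[:space:]]*#/ { next }
        /^[[:space:]]*[a-z_]+:[[:space:]]*[{]/ {      # "name: {" opens a section
            sec = $1; sub(/:.*/, "", sec); next
        }
        /^[[:space:]]*[}]/ {                          # section closed: report it
            note = acl[sec] ? "" : " with no ACL"
            if (plain[sec] != "")
                print sec ": plain HTTP on port " port[sec] note
            sec = ""; next
        }
        sec != "" && $2 == "=" {
            key = $1; val = $3
            if ((key == "http" || key == "admin_http") && val == "true") plain[sec] = key
            if (key == "port" || key == "admin_port") port[sec] = val
            if (key == "acl" || key == "admin_acl") acl[sec] = 1
        }'
}

printf '%s\n' "$SAMPLE" | audit_jcfg
```

Setting http = false and admin_http = false, or enabling the ACL lines, clears the corresponding finding.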
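5. Deploy the ICE server (Coturn)
Overview:
WebRTC generally goes through three steps when establishing a connection:
1. Try a direct connection.
2. Traverse the NAT with the help of a STUN server.
3. If traversal fails, relay through a TURN server.
The direct connection in step 1 succeeds only when the two devices are inside the same NAT network; otherwise a traversal server (STUN or TURN) is needed to connect via step 2 or step 3.
There are free STUN services on the Internet that can be used for testing, such as stun.ideasip.com, but connection setup through them is rather slow,
so the best approach is to set up your own.
coturn is software that provides both STUN and TURN. It supports TCP, UDP, TLS and DTLS connections and runs on Linux, BSD, Solaris and Mac OS; Windows is not supported for now.
coturn dependencies:
coturn uses libevent for network communication, so libevent2 needs to be installed.
Install
Install the base components: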
#sudo apt-get install libssl-dev libevent-dev libpq-dev
Install coturn
# git clone https://github.com/coturn/coturn
# cd coturn
# ./configure --prefix=/usr/local/coturn
# make -j 4 // parallel build
# make install
Configure
#vi /etc/profile
export PATH=/usr/local/coturn/bin:$PATH
#source /etc/profile
#cd /usr/local/coturn/etc
#sudo cp ./turnserver.conf.default ./turnserver.conf
#vi ./turnserver.conf
cli-password=qwerty
relay-device=eth33
listening-ip=192.168.1.113
listening-port=3478
tls-listening-port=5349
external-ip=39.105.44.xx // external (public) IP
relay-ip=192.168.1.113
relay-threads=50
lt-cred-mech
cert=/etc/nginx/cert/app.crt // test installation, using the certificate generated above
pkey=/etc/nginx/cert/app.key
user=test:keytest1
Start
turnserver -o -a -f -v --mobility -m 10 --max-bps=100000 --min-port=32355 --max-port=65535 --user=test:keytest1 -r test
Parameter notes:
-m 10 starts ten relay threads
--max-bps=100000 limits the maximum speed to 100KB/s
When the TURN server is used for WebRTC, the long-term credential mechanism must be used, i.e. specify -a or --lt-cred-mech
This adds the user test and its password
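In the long-term credential mechanism the shared key is MD5(username:realm:password), and coturn accepts that key in place of the password when the user= value starts with 0x. The following added example, not part of the original guide or of coturn, rewrites plaintext user= entries of a turnserver.conf into key form. The function names and the sample are assumptions, md5sum from coreutils is required, and passwords are assumed to be plain ASCII.

```sh
#!/bin/sh
# Added example: replace plaintext "user=name:password" entries in
# turnserver.conf with the long-term credential key MD5(name:realm:password).
# SAMPLE is a constructed excerpt of the configuration above; the realm
# comes from "-r test" on the turnserver command line.
SAMPLE='listening-port=3478
lt-cred-mech
#user=old:unused
user=test:keytest1'

md5_hex() { md5sum | cut -d' ' -f1; }      # hex MD5 of stdin

# lt_key USER REALM PASSWORD -> 0x-prefixed key for the user= line
lt_key() { printf '0x%s' "$(printf '%s:%s:%s' "$1" "$2" "$3" | md5_hex)"; }

# hash_turn_users REALM: reads turnserver.conf on stdin and writes it back
# with every active plaintext user= entry converted; 0x keys are kept as-is.
hash_turn_users() {
    realm=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            user=*:*)
                cred=${line#user=}
                name=${cred%%:*}; pass=${cred#*:}
                case $pass in
                    0x*) printf '%s\n' "$line" ;;
                    *)   printf 'user=%s:%s\n' "$name" "$(lt_key "$name" "$realm" "$pass")" ;;
                esac ;;
            *) printf '%s\n' "$line" ;;      # comments and other settings
        esac
    done
}

printf '%s\n' "$SAMPLE" | hash_turn_users test
```

The realm passed to hash_turn_users must be the one the server runs with (-r test here), otherwise the stored key will not match.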