Tested and working. If you run into problems, feel free to leave a comment.
Environment: Ubuntu 16.04.6 LTS
Download and install libevent-2.0
wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar zxvf libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable && ./configure
make && make install
Download, build and install coturn
git clone https://github.com/coturn/coturn
cd coturn
./configure
make
make install
Check that the installation succeeded
which turnserver
Create a username and password:
turnadmin -k -u demo -r hangzhou -p demo
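Output: 0xc74d8dd2c3dac2f1d40b57b9c33e644d (the username and password are needed later in the configuration file)
Configuration file
The /usr/local/etc/ directory contains turnserver.conf.default; copy it to turnserver.conf
cd /usr/local/etc/
cp turnserver.conf.default turnserver.conf
First look up the network interface and note its name and internal IP address
Signed certificate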
apt-get install openssl
The self-signed certificate used for the cert and pkey settings is generated with the openssl command:
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes
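Fill in the requested fields with anything you like.
The two generated files are normally in the /etc/ directory
Edit the configuration
vi /usr/local/etc/turnserver.conf
listening-ip and relay-ip use the internal IP; external-ip is the public IP
A working configuration file: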
//***********************************************************************//
listening-device=enp4s3 # must match the interface name found with ifconfig earlier
relay-device=enp4s3 # must match the interface name found with ifconfig earlier
listening-ip=192.168.10.206 # internal IP
listening-port=3478
tls-listening-port=5349
relay-ip=192.168.10.206 # internal IP
external-ip=115.238.103.171 # public IP
relay-threads=50
lt-cred-mech
static-auth-secret=demo
user=demo:0x7a24c8f6e22650e49726a2e96ee902b7 # username and password, used when creating the IceServer
userdb=/etc/turnuserdb.conf
#max-bps=102400
pidfile="/var/run/turnserver.pid"
no-loopback-peers
no-multicast-peers
sha256
mobility
no-cli
cert=/etc/turn_server_cert.pem
pkey=/etc/turn_server_pkey.pem
stale-nonce
use-auth-secret
Verbose
fingerprint
//**************************************************************************************//
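Field descriptions:
listening-port: the UDP/TCP port turnserver listens on; default 3478;
tls-listening-port: the TLS/DTLS port turnserver listens on; default 5349.
Defining separate listening ports for TCP/UDP and TLS/DTLS conforms to RFC 5766; both can be configured to use the same port, but that is not recommended;
listening-ip: the listening IP address of the relay server; more than one can be configured;
relay-ip: the IP address of the relay server;
external-ip: the external IP, specified when the relay server is inside a NAT network; it may be omitted here;
server-name: the server name, used for OAuth authentication; defaults to the realm;
realm: the domain name;
userdb: used to store user information;
cert/pkey: the self-signed certificate files;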
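How the credentials behind use-auth-secret / static-auth-secret in the configuration above are derived, as an added Python example (not part of the original post and not coturn's own code): the username carries an expiry timestamp and the password is base64(HMAC-SHA1(secret, username)); long_term_key shows the RFC 5389 key format that turnadmin -k prints. The function names, the user id "alice" and the one-hour lifetime are assumptions, and passwords are assumed to be ASCII.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample value. "demo" mirrors static-auth-secret in the config
# above; a real deployment would use a long random secret kept on the server.
SHARED_SECRET = "demo"


def rest_credentials(secret, user_id, ttl=3600, now=None):
    """Issue a time-limited TURN username/password pair (TURN REST API scheme)."""
    expiry = int(now if now is not None else time.time()) + ttl
    username = f"{expiry}:{user_id}"
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()


def verify_rest_credentials(secret, username, password, now=None):
    """Model of the server-side check: recompute the HMAC, reject expired stamps."""
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False
    if expiry < int(now if now is not None else time.time()):
        return False
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(base64.b64encode(mac).decode(), password)


def long_term_key(user, realm, password):
    """RFC 5389 long-term key: "0x" + MD5("user:realm:password") in hex."""
    digest = hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()
    return "0x" + digest


if __name__ == "__main__":
    name, pwd = rest_credentials(SHARED_SECRET, "alice")
    print("iceServers username:  ", name)
    print("iceServers credential:", pwd)
    print("accepted now:", verify_rest_credentials(SHARED_SECRET, name, pwd))
    # The long-term key is bound to the realm it was generated for, so the
    # same user and password give a different key under a different realm.
    print(long_term_key("demo", "hangzhou", "demo"))
    print(long_term_key("demo", "115.238.103.171:3478", "demo"))
```

The shared secret stays on the server that issues credentials; the browser receives only the generated username and password for its iceServers entry.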
Start turnserver by running:
cd /coturn/bin
turnserver -v -r <public IP>:3478 -a -o
turnserver -v -r 115.238.103.171:3478 -a -o
Output:
root@ubuntu:/home/wowjoy/coturn/bin# ./myrun.sh
0: log file opened: /var/log/turn_626_2020-04-21.log
0: Listener address to use: 192.168.10.206
0: WARNING: Options -b, --userdb and --db are not supported because SQLite is not supported in this build.
0: Bad configuration format: no-loopback-peers
0: Config file found: /usr/local/etc/turnserver.conf
0: Bad configuration format: no-loopback-peers
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 1048576
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2g 1 Mar 2016 (0x1000207f)
0:
0: SQLite is not supported
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Domain name:
0: Default realm: 192.168.10.206:3478
0: SSL23: Certificate file found: /etc/turn_server_cert.pem
0: SSL23: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.0: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.1: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.2: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /etc/turn_server_pkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /etc/turn_server_cert.pem
0: DTLS: Private key file found: /etc/turn_server_pkey.pem
0: DTLS1.2: Certificate file found: /etc/turn_server_cert.pem
0: DTLS1.2: Private key file found: /etc/turn_server_pkey.pem
0: DTLS cipher suite: DEFAULT
0: Relay address to use: 192.168.10.206
root@ubuntu:/home/wowjoy/coturn/bin#
ICE test
Traversal has succeeded only if the relay address that comes back is your IP.
https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/