Turnserver服務器搭建 · 運維知識記錄

[TOC] # 聲明: 這里完全是按照這篇博客安裝部署的 ``` https://blog.csdn.net/fightfaith/article/details/73276323 ``` # 安裝配置turnserver ## 第1章相關鏈接 ``` https://github.com/coturn/coturn https://github.com/coturn/coturn/wiki/turnserver https://github.com/coturn/coturn/blob/master/INSTALL ``` ## 第2章安裝配置 ### 2.1 安裝 ``` [root@webrtc-80 ~]# apt-get update [root@webrtc-80 ~]# apt-get install coturn -y [root@webrtc-80 ~]# dpkg -L coturn ``` ### 2.2 配置 #### 2.2.1 配置文件路徑 ``` /etc/turnserver.conf ``` #### 2.2.2 配置修改內容 ``` 18 listening-port=3478 30 tls-listening-port=5349 52 listening-ip=192.168.47.80 97 relay-ip=192.168.47.80 120 external-ip=192.168.47.80 217 server-name=test.com 317 realm=test.com 166 lt-cred-mech 260 userdb=/var/lib/turn/turndb 396 cert=/etc/turn_server_cert.pem 403 pkey=/etc/turn_server_pkey.pem 446 no-stdout-log 459 log-file=/var/tmp/turnserver.log 558 pidfile="/var/run/turnserver.pid" ``` #### 2.2.3 配置字段含義 ``` listening-port: turnserver監聽UDP/TCP端口,默認為3478; tls-listening-port: turnserver監聽TLS/DTLS端口,默認為5349, 將TCP/UDP和TLS/DTLS分別定義監聽端口是符合RFC5766規范的,但是通過配置兩者能使用同一端口,不推薦; listening-ip: 中繼服務器的監聽IP地址,可以配置多個; relay-ip: 中繼服務器的IP地址; external-ip: 外部IP,當中繼服務器在NAT網絡內部時指定,此處可以不添加; server-name: 服務器名稱,用于OAuth認證,默認和realm相同; realm: 域名; userdb: 用于保存用戶信息; cert/pkey: 自簽名證書相關; ``` #### 2.2.4 注意事項 ``` 1) coturn使用了SQLlite作為存儲,請保證userdb的正確配置(userdb=/var/lib/turn/turndb),不需要添加turnuserdb.conf文件(turnuserdb.conf多用于restund的配置方式); 2) cert和pkey配置的自簽名證書用Openssl命令生成 openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes 3) 配置成功后生成用戶名/密碼 turnadmin -k -u -r -p //turnadmin -k -a -u btzh -r ice.btzh.net -p webrtc 執行上述命令后,會創建一個用戶/密碼,并添加到SQLlite數據庫中. 參數含義請參見 man turnadmin ``` #### 2.2.5 證書生成過程 ``` [root@webrtc-80 ~]# openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes [root@webrtc-80 ~]# turnadmin -k -u -r -p //turnadmin -k -a -u btzh -r ice.btzh.net -p webrtc 0: log file opened: /var/log/turn_18903_2018-04-08.log 0: Config file found: /root/../etc/turnuserdb.conf [root@webrtc-80 ~]# ll /etc/turn_server_* -rw-r--r-- 1 root root 1.7K Apr 8 17:26 /etc/turn_server_pkey.pem -rw-r--r-- 1 root root 1.3K Apr 8 17:26 /etc/turn_server_cert.pem ``` ## 2.3 啟動服務后臺啟動,這里后臺啟動失敗,原因未確定 ``` service coturn start ``` 前臺啟動 ``` turnserver ``` 初次運行請使用非后臺啟動,會顯示當前運行狀態,如果有錯誤會直接顯示在控制臺上. ``` [root@webrtc-80 ~]# turnserver 0: log file opened: /var/log/turn_18927_2018-04-08.log 0: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server Version Coturn-4.2.1.2 'Monza' 0: Max number of open files/sockets allowed for this process: 65536 0: Due to the open files/sockets limitation, max supported number of TURN Sessions possible is: 32500 (approximately) 0: ==== Show him the instruments, Practical Frost: ==== 0: TLS supported 0: DTLS supported 0: AEAD supported 0: Redis supported 0: PostgreSQL supported 0: MySQL supported 0: MongoDB is not supported 0: OpenSSL compile-time version 0x1000105f: fresh enough 0: Default Net Engine version: 2 (UDP thread per network endpoint) ===================================================== 0: Config file found: /root/../etc/turnserver.conf 0: Listener address to use: 192.168.47.80 0: Relay address to use: 192.168.47.80 ``` ## 2.4 驗證監聽 ``` [root@webrtc-80 ~]# lsof -n -i4TCP:3478 | grep LISTEN turnserve 18927 root 27u IPv4 31966 0t0 TCP 192.168.47.80:3478 (LISTEN) [root@webrtc-80 ~]# lsof -n -i4TCP:5349 | grep LISTEN turnserve 18927 root 28u IPv4 31967 0t0 TCP 192.168.47.80:5349 (LISTEN) ``` ## 2.5 驗證服務 ``` [root@webrtc-80 ~]# echo "192.168.47.80 test.com" >> /etc/hosts [root@webrtc-80 ~]# ping test.com PING test.com (192.168.47.80) 56(84) bytes of data. 64 bytes from test.com (192.168.47.80): icmp_seq=1 ttl=64 time=0.014 ms [root@webrtc-80 ~]# curl 192.168.47.80:3478 <!DOCTYPE html> <html> <head> <title>TURN Server</title> </head> <body> TURN Server </body> </html> [root@webrtc-80 ~]# curl test.com:3478 <!DOCTYPE html> <html> <head> <title>TURN Server</title> </head> <body> TURN Server </body> </html> ``` 網頁訪問綁定hosts后訪問http://test.com:3478 ``` ![](https://box.kancloud.cn/73ffe28e0f6b5520d121dc96cac6ebc3_466x125.png) ``` ## 2.6 查看日志 ``` [root@webrtc-80 ~]# tail -f /var/tmp/turnserver_2018-04-08.log 0: IO method (udp listener/relay thread): epoll (with changelist) 0: IO method (general relay thread): epoll (with changelist) 0: turn server id=1 created 0: turn server id=128 created 0: IO method (udp listener/relay thread): epoll (with changelist) 0: turn server id=129 created 0: Total UDP servers: 2 0: Total General servers: 2 0: IO method (auth thread): epoll (with changelist) 0: IO method (cli thread): epoll (with changelist) 15: read_client_connection: HTTP request: GET / HTTP/1.1 Host: test.com:3478 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 ```