CentOS 7.6 64位 Janus Server 服务搭建

注：
libwebsockets(支持 WebSocket)
libsrtp 和 libusrsctp(音视频流传输控制和数据协议支持)
libmicrohttpd(支持 http/https)
Janus
nginx(提供 web 服务)

1. 基础环境依赖安装

yum install -y epel-release
yum update -y
yum install -y deltarpm
yum install doxygen graphviz
yum install -y openssh-server sudo which file curl zip unzip wget
yum install -y libmicrohttpd-devel jansson-devel libnice-devel glib2-devel opus-devel libogg-devel pkgconfig gengetopt libtool autoconf automake libsrtp-devel sofia-sip-devel libcurl-devel make gcc gcc-c++ git cmake libconfig-devel openssl-devel libevent libevent-devel sqlite sqlite-devel postgresql-devel postgresql-server mysql-devel mysql-server hiredis hiredis-devel

export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfig

2. 安装libsrtp

mkdir -p stcc/janus
cd /stcc/janus/
wget https://github.com/cisco/libsrtp/archive/v1.5.4.tar.gz
tar xfv v1.5.4.tar.gz
cd libsrtp-1.5.4
./configure --prefix=/usr --enable-openssl --libdir=/usr/lib64
make shared_library && make install
cd …
wget https://github.com/cisco/libsrtp/archive/v2.2.0.tar.gz
tar xfv v2.2.0.tar.gz
cd libsrtp-2.2.0
./configure --prefix=/usr --enable-openssl --libdir=/usr/lib64
make shared_library && make install
cd …

3. 安装libusrsctp

git clone https://github.com/Kurento/libusrsctp.git
cd libusrsctp
./bootstrap
./configure --prefix=/usr --libdir=/usr/lib64
make && make install
cd …

4. 安装libmicrohttpd（V0.9.72）

wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.72.tar.gz
tar zxf libmicrohttpd-0.9.72.tar.gz
cd libmicrohttpd-0.9.72/
./configure
make && make install
cd …

5. 安装usrsctp(V0.9.5)

git clone https://github.com/sctplab/usrsctp
cd usrsctp
./bootstrap
./configure --prefix=/usr
make && make install
cd …

6. 安装libwebsocket(V4.1.6)

git clone https://github.com/warmcat/libwebsockets
cd libwebsockets
git branch -a #查看并选择最新的稳定版本，目前的是remotes/origin/v3.2-stable
git checkout v3.2-stable #切换到最新稳定版本
mkdir build
cd build
cmake -DMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_C_FLAGS="-fpic" …
make && make install
cd …/…

7. 安装Janus(V0.10.5)

git clone https://github.com/meetecho/janus-gateway.git &&
cd janus-gateway
sh autogen.sh
./configure --prefix=/opt/janus --enable-websockets --enable-data-channels --enable-docs
make && make install && make configs
cd …

8. 安装配置nginx

#下载nginx 1.15.8版本
wget http://nginx.org/download/nginx-1.15.8.tar.gz
tar xvzf nginx-1.15.8.tar.gz
cd nginx-1.15.8/
#配置，一定要支持https
./configure --with-http_ssl_module

编译

make && make install
cd …
生成证书
mkdir -p cert
cd cert
#CA私钥
openssl genrsa -out key.pem 2048
#自签名证书
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
cd …
修改nginx配置文件 vi /usr/local/nginx/conf/nginx.conf
Location中指向janus所在目录/opt/janus/share/janus/demos

配置证书
ssl_certificate /stcc/janus/cert/cert.pem;
ssl_certificate_key /stcc/janus/cert/key.pem;
如下图：

启动nginx
/usr/local/nginx/sbin/nginx
访问https 服务器ip
如果是http 访问 如上 请在nginx配置
输入https://121.4.124.xxx/，访问成功

9. coturn服务部署（V4.5.1.3）

wget https://coturn.net/turnserver/v4.5.2/turnserver-4.5.1.3.tar.gz
tar -zxvf turnserver-4.5.1.3.tar.gz
cd turnserver-4.5.1.3/
./configure
make && make install
cd…
mkdir curncert
cd curncert
openssl req -x509 -newkey rsa:2048 -keyout /stcc/janus/turncert/turn_server_pkey.pem -out /stcc/janus/turncert/turn_server_cert.pem -days 99999 -nodes

which turnserver
cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf
vi /usr/local/etc/turnserver.conf
在文件末尾插入
下面展示一些 内联代码片。

#与前ifconfig查到的网卡名称一致
listening-device=eth0
listening-port=3478
#tls-listening-port=5349
#内网IP
listening-ip=172.17.0.x
relay-ip=172.17.0.x
#公网IP
external-ip=121.4.124.xxx
min-port=49152
max-port=65535
cert= /stcc/janus/turncert/turn_server_cert.pem 
pkey= /stcc/janus/turncert/turn_server_pkey.pem 
#用户名密码
user=stcc:123456
#不开启会报CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!错误
cli-password=qwerty
lt-cred-mech
pidfile="/var/run/turnserver.pid"

turnserver -v -r 121.4.124.xxx:3478 -a -o -c /usr/local/etc/turnserver.conf

注意：如果使用的是阿里云或腾讯云的服务器，要开发对应端口的访问，关闭对应端口的防火墙

10. janus配置文件

cd /opt/janus/etc/janus
修改配置janus.jcfg

修改 janus.transport.http.jcfg 以开启 https 和增加证书
下面展示一些 内联代码片。

general: {
    
    
        #events = true                                  # Whether to notify event handlers about transport events (default=true)
        json = "indented"                               # Whether the JSON messages should be indented (default),
                                                                        # plain (no indentation) or compact (no indentation and no spaces)
        base_path = "/janus"                    # Base path to bind to in the web server (plain HTTP only)
        threads = "unlimited"                   # unlimited=thread per connection, number=thread pool
        http = true                                             # Whether to enable the plain HTTP interface
        port = 8088                                             # Web server HTTP port
        #interface = "eth0"                             # Whether we should bind this server to a specific interface only
        #ip = "192.168.0.1"                             # Whether we should bind this server to a specific IP address (v4 or v6) only
        https = true                                    # Whether to enable HTTPS (default=false)
        secure_port = 8089                              # Web server HTTPS port, if enabled
        #secure_interface = "eth0"              # Whether we should bind this server to a specific interface only
        #secure_ip = "192.168.0.1"              # Whether we should bind this server to a specific IP address (v4 or v6) only
        #acl = "127.,192.168.0."                # Only allow requests coming from this comma separated list of addresses
}

certificates: {
    
    
        cert_pem = "/home/ubuntu/cert/cert.pem"
        cert_key = "/home/ubuntu/cert/key.pem"
        #cert_pwd = "secretpassphrase"
        #ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}

修改 janus.transport.websockets.jcfg 以开启 wss 和增加证书
如图：

# WebSockets stuff: whether they should be enabled, which ports they
# should use, and so on.
general: {
    
    
        #events = true                                  # Whether to notify event handlers about transport events (default=true)
        json = "indented"                               # Whether the JSON messages should be indented (default),
        #pingpong_trigger = 30                  # After how many seconds of idle, a PING should be sent
        #pingpong_timeout = 10                  # After how many seconds of not getting a PONG, a timeout should be detected

        ws = true                                               # Whether to enable the WebSockets API
        ws_port = 8188                                  # WebSockets server port
        #ws_interface = "eth0"                  # Whether we should bind this server to a specific interface only
        #ws_ip = "192.168.0.1"                  # Whether we should bind this server to a specific IP address only
        wss = true                                              # Whether to enable secure WebSockets
        wss_port = 8989                         # WebSockets server secure port, if enabled
        #wss_interface = "eth0"                 # Whether we should bind this server to a specific interface only
        #wss_ip = "192.168.0.1"                 # Whether we should bind this server to a specific IP address only
        #ws_logging = "err,warn"                # libwebsockets debugging level as a comma separated list of things
                                                                        # to debug, supported values: err, warn, notice, info, debug, parser,
                                                                        # header, ext, client, latency, user, count (plus 'none' and 'all')
        #ws_acl = "127.,192.168.0."             # Only allow requests coming from this comma separated list of addresses
}

# If you want to expose the Admin API via WebSockets as well, you need to
# specify a different server instance, as you cannot mix Janus API and
# Admin API messaging. Notice that by default the Admin API support via
# WebSockets is disabled.
admin: {
    
    
        admin_ws = false                                        # Whether to enable the Admin API WebSockets API
        admin_ws_port = 7188                            # Admin API WebSockets server port, if enabled
        #admin_ws_interface = "eth0"            # Whether we should bind this server to a specific interface only
        #admin_ws_ip = "192.168.0.1"            # Whether we should bind this server to a specific IP address only
        admin_wss = false                                       # Whether to enable the Admin API secure WebSockets
        #admin_wss_port = 7989                          # Admin API WebSockets server secure port, if enabled
        #admin_wss_interface = "eth0"           # Whether we should bind this server to a specific interface only
        #admin_wss_ip = "192.168.0.1"           # Whether we should bind this server to a specific IP address only
        #admin_ws_acl = "127.,192.168.0."       # Only allow requests coming from this comma separated list of addresses
}

# Certificate and key to use for any secure WebSocket server, if enabled (and passphrase if needed).
# You can also disable insecure protocols and ciphers by configuring the
# 'ciphers' property accordingly (no limitation by default).
# Examples of recommended cipher strings at https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html
certificates: {
    
    
        cert_pem = "/stcc/janus/cert/cert.pem"
        cert_key = "/stcc/janus/cert/key.pem"
        #cert_pwd = "secretpassphrase"
        #ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}

修改 Janus demo 增加 wss 支持
如图：

11. 启动janus

/opt/janus/bin/janus --debug-level=5 --log-file=$HOME/janus-log