Note:
libwebsockets (support WebSocket)
libsrtp and libusrsctp (audio and video streaming control and data protocol support)
libmicrohttpd (support http/https)
Janus
nginx (provide web services)
1. The basic environment depends on the installation
yum install -y epel-release
yum update -y
yum install -y deltarpm
yum install doxygen graphviz
yum install -y openssh-server sudo which file curl zip unzip wget
yum install -y libmicrohttpd-devel jansson-devel libnice-devel glib2-devel opus-devel libogg-devel pkgconfig gengetopt libtool autoconf automake libsrtp-devel sofia-sip-devel libcurl-devel make gcc gcc-c++ git cmake libconfig-devel openssl-devel libevent libevent-devel sqlite sqlite-devel postgresql-devel postgresql-server mysql-devel mysql-server hiredis hiredis-devel
export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfig
2. Install libsrtp
mkdir -p stcc/janus
cd /stcc/janus/
wget https://github.com/cisco/libsrtp/archive/v1.5.4.tar.gz
tar xfv v1.5.4.tar.gz
cd libsrtp-1.5.4
./configure --prefix=/usr --enable-openssl --libdir=/usr/lib64
make shared_library && make install
cd …
wget https://github.com/cisco/libsrtp/archive/v2.2.0.tar.gz
tar xfv v2.2.0.tar.gz
cd libsrtp-2.2.0
./configure --prefix=/usr --enable-openssl --libdir=/usr/lib64
make shared_library && make install
cd …
3. Install libusrsctp
git clone https://github.com/Kurento/libusrsctp.git
cd libusrsctp
./bootstrap
./configure --prefix=/usr --libdir=/usr/lib64
make && make install
cd …
4. Install libmicrohttpd (V0.9.72)
wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.72.tar.gz
tar zxf libmicrohttpd-0.9.72.tar.gz
cd libmicrohttpd-0.9.72/
./configure
make && make install
cd …
5. Install usrsctp (V0.9.5)
git clone https://github.com/sctplab/usrsctp
cd usrsctp
./bootstrap
./configure --prefix=/usr
make && make install
cd …
6. Install libwebsocket (V4.1.6)
git clone https://github.com/warmcat/libwebsockets
cd libwebsockets
git branch -a #View and select the latest stable version, the current one is remotes/origin/v3.2-stable
git checkout v3.2-stable #Switch to The latest stable version
mkdir build
cd build
cmake -DMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_C_FLAGS="-fpic"…
make && make install
cd …/…
7. Install Janus (V0.10.5)
git clone https://github.com/meetecho/janus-gateway.git &&
cd janus-gateway
sh autogen.sh
./configure --prefix=/opt/janus --enable-websockets --enable-data-channels --enable-docs
make && make install && make configs
cd …
8. Install and configure nginx
#Download nginx 1.15.8 version
wget http://nginx.org/download/nginx-1.15.8.tar.gz
tar xvzf nginx-1.15.8.tar.gz
cd nginx-1.15.8/ #Configuration
, must Support https
./configure --with-http_ssl_module
Compile
make && make install
cd …
Generate certificate
mkdir -p cert
cd cert
#CA private key
openssl genrsa -out key.pem 2048
#Self-signed certificate
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
cd …
Modify the nginx configuration file vi /usr/local/nginx/conf/nginx.conf
Location to point to the directory where janus is located /opt/janus/share/janus/demos
Configure the certificate
ssl_certificate /stcc/janus/cert/cert.pem;
ssl_certificate_key /stcc/janus/cert/key.pem;
as shown below:
Start nginx
/usr/local/nginx/sbin/nginx to
access the https server ip
If it is http access as above, please
enter https://121.4.124.xxx/ in the nginx configuration , the access is successful
9. coturn service deployment (V4.5.1.3)
wget https://coturn.net/turnserver/v4.5.2/turnserver-4.5.1.3.tar.gz
tar -zxvf turnserver-4.5.1.3.tar.gz
cd turnserver-4.5.1.3/
./configure
make && make install
cd…
mkdir curncert
cd curncert
openssl req -x509 -newkey rsa:2048 -keyout /stcc/janus/turncert/turn_server_pkey.pem -out /stcc/janus/turncert/turn_server_cert.pem -days 99999 -nodes
which turnserver
cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf
vi /usr/local/etc/turnserver.conf
Insert at the end of the file
The following shows some 内联代码片.
#与前ifconfig查到的网卡名称一致
listening-device=eth0
listening-port=3478
#tls-listening-port=5349
#内网IP
listening-ip=172.17.0.x
relay-ip=172.17.0.x
#公网IP
external-ip=121.4.124.xxx
min-port=49152
max-port=65535
cert= /stcc/janus/turncert/turn_server_cert.pem
pkey= /stcc/janus/turncert/turn_server_pkey.pem
#用户名密码
user=stcc:123456
#不开启会报CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!错误
cli-password=qwerty
lt-cred-mech
pidfile="/var/run/turnserver.pid"
turnserver -v -r 121.4.124.xxx:3478 -a -o -c /usr/local/etc/turnserver.conf
Note: If you are using Alibaba Cloud or Tencent Cloud servers, you need to develop access to the corresponding port and turn off the firewall of the corresponding port
10. janus configuration file
cd /opt/janus/etc/janus
modify the configuration janus.jcfg
Modify janus.transport.http.jcfg to enable https and add certificates.
Here are some 内联代码片.
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
base_path = "/janus" # Base path to bind to in the web server (plain HTTP only)
threads = "unlimited" # unlimited=thread per connection, number=thread pool
http = true # Whether to enable the plain HTTP interface
port = 8088 # Web server HTTP port
#interface = "eth0" # Whether we should bind this server to a specific interface only
#ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
https = true # Whether to enable HTTPS (default=false)
secure_port = 8089 # Web server HTTPS port, if enabled
#secure_interface = "eth0" # Whether we should bind this server to a specific interface only
#secure_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
#acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
certificates: {
cert_pem = "/home/ubuntu/cert/cert.pem"
cert_key = "/home/ubuntu/cert/key.pem"
#cert_pwd = "secretpassphrase"
#ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}
Modify janus.transport.websockets.jcfg to open wss and add certificates
as shown in the figure:
# WebSockets stuff: whether they should be enabled, which ports they
# should use, and so on.
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
#pingpong_trigger = 30 # After how many seconds of idle, a PING should be sent
#pingpong_timeout = 10 # After how many seconds of not getting a PONG, a timeout should be detected
ws = true # Whether to enable the WebSockets API
ws_port = 8188 # WebSockets server port
#ws_interface = "eth0" # Whether we should bind this server to a specific interface only
#ws_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
wss = true # Whether to enable secure WebSockets
wss_port = 8989 # WebSockets server secure port, if enabled
#wss_interface = "eth0" # Whether we should bind this server to a specific interface only
#wss_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#ws_logging = "err,warn" # libwebsockets debugging level as a comma separated list of things
# to debug, supported values: err, warn, notice, info, debug, parser,
# header, ext, client, latency, user, count (plus 'none' and 'all')
#ws_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
# If you want to expose the Admin API via WebSockets as well, you need to
# specify a different server instance, as you cannot mix Janus API and
# Admin API messaging. Notice that by default the Admin API support via
# WebSockets is disabled.
admin: {
admin_ws = false # Whether to enable the Admin API WebSockets API
admin_ws_port = 7188 # Admin API WebSockets server port, if enabled
#admin_ws_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_ws_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
admin_wss = false # Whether to enable the Admin API secure WebSockets
#admin_wss_port = 7989 # Admin API WebSockets server secure port, if enabled
#admin_wss_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_wss_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#admin_ws_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
# Certificate and key to use for any secure WebSocket server, if enabled (and passphrase if needed).
# You can also disable insecure protocols and ciphers by configuring the
# 'ciphers' property accordingly (no limitation by default).
# Examples of recommended cipher strings at https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html
certificates: {
cert_pem = "/stcc/janus/cert/cert.pem"
cert_key = "/stcc/janus/cert/key.pem"
#cert_pwd = "secretpassphrase"
#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}
Modify Janus demo to add wss support
as shown in the figure:
11. Start janus
/opt/janus/bin/janus --debug-level=5 --log-file=$HOME/janus-log