1. P2P NAT traversal in WebRTC
The P2P NAT traversal part of WebRTC is implemented by libjingle.
The sequence of steps is roughly this:
- Try a direct connection.
- Traverse the NAT with the help of a STUN server.
- If traversal is not possible, relay through a TURN server.
A STUN server is relatively simple, and there are many public STUN servers online that can be used for testing, for example stun.ideasip.com.
In WebRTC P2P applications, public STUN servers sometimes respond slowly, so you need to set up your own ICE server. An ICE server contains two parts, STUN and TURN; in fact, a TURN server alone is enough to solve the P2P traversal problem.
Coturn adds a number of advanced features on top of the original TurnServer. (This is the author's own description; the two projects have the same author, who recommends Coturn.)
- coturn supports TCP, UDP, TLS and DTLS connections.
- coturn supports Linux, BSD, Solaris and Mac OS. It does not support Windows (support is planned for the future).
2. Install Coturn
2.1 Install dependencies
Use the following commands to install the libraries that Coturn depends on:
sudo apt-get install libssl-dev
sudo apt-get install libevent-dev
sudo apt-get install libpq-dev
sudo apt-get install mysql-client
sudo apt-get install libmysqlclient-dev
sudo apt-get install libhiredis-dev
sudo apt-get install git
2.2 Download, compile and install Coturn
The commands are as follows:
git clone https://github.com/coturn/coturn
cd coturn
./configure
make
sudo make install
2.3 Verify the Coturn installation
Use the following command to check the Coturn installation:
which turnserver
As shown below, if the command prints the path of Coturn's turnserver, the installation was successful.
3. Configure Coturn
3.1 Create the configuration file
Create the Coturn configuration file turnserver.conf by copying the default configuration file:
sudo cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf
3.2 Generate the SSL certificate
The command for generating the SSL certificate used by the server is as follows:
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes
Enter the information the command prompts for, as shown in the figure.
You can find the two generated certificate files in the /etc directory, as shown in the figure.
3.3 Simple usage
At this point, you can run the server directly with the following command:
turnserver -o -a -f -v --mobility -m 10 --max-bps=100000 --min-port=32355 --max-port=65535 --user=keda:keda1234 --user=keda2:keda1234 -r keda
Where:
- -m 10 starts ten relay threads.
- --max-bps=100000 limits the maximum speed to 100KB/s.
- When the TURN server is used for WebRTC, the long-term credential mechanism must be used, i.e. specify -a or --lt-cred-mech.
- --user adds two users, keda and keda2, with their corresponding passwords.
3.4 Custom settings
3.4.1 Generate the user's key
For security, you can generate a key for the account, so that the account can log in directly with the key, without the need for a password.
Generating the key with turnadmin requires the username, password and realm; the realm is the value given to the TURN server's -r start parameter. The command format for generating a user's key is as follows:
turnadmin -k -u <username> -p <password> -r <realm>
For example, with username = keda, password = keda1234 and realm = keda, the command is as follows:
turnadmin -k -u keda -p keda1234 -r keda
The generated key is shown in the figure.
3.4.2 Create the user file
Create the user file turnuserdb.conf with the following command:
sudo vi /etc/turnuserdb.conf
Fill it in with the username and key generated earlier.
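What turnadmin -k prints can be reproduced with standard tools, which makes it possible to check a stored key against the username, realm and password it was generated from. The following is an added example, not part of the original article or the coturn project; it assumes the default MD5-based key defined in RFC 5389 and the username:key line format used in this article, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive the long-term credential key for a TURN user.
# Assumption: the default key form from RFC 5389,
#   key = MD5(username ":" realm ":" password)

# lt_key USER REALM PASSWORD -> prints 0x followed by 32 hex digits
lt_key() {
    printf '0x%s\n' "$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)"
}

# userdb_line USER REALM PASSWORD -> prints "username:key", the form the
# article puts into turnuserdb.conf and into the user= setting
userdb_line() {
    printf '%s:%s\n' "$1" "$(lt_key "$1" "$2" "$3")"
}

# key_matches USER REALM PASSWORD KEY -> exit status 0 if KEY belongs to
# exactly this username, realm and password
key_matches() {
    [ "$(lt_key "$1" "$2" "$3")" = "$4" ]
}

# Test vector from RFC 5389 section 15.4
lt_key user realm pass    # 0x8493fbc53ba582fb4c044c456bdc40eb

# The article's account: username keda, password keda1234, realm keda
userdb_line keda keda keda1234

# The realm is part of the hash, so a key generated for realm "keda" is
# rejected when the server runs with a different -r value.
# example.org is a constructed realm used only for this check.
key=$(lt_key keda keda keda1234)
if key_matches keda example.org keda1234 "$key"; then
    echo "key is valid for realm example.org"
else
    echo "key is not valid for realm example.org"
fi
```

The key alone is enough to authenticate as the user, so turnuserdb.conf deserves the same file permissions as a password file.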
3.4.3 Modify the configuration file
First, use the ifconfig command to check the server's network interface type:
Second, modify the Coturn configuration file with the following command:
vi /usr/local/etc/turnserver.conf
The contents of the configuration file are as follows:
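# Network interface reported by ifconfig
listening-device=<your network interface type>
relay-device=<your network interface type>
listening-ip=<IP address>
listening-port=3478
tls-listening-port=5349
relay-ip=<IP address>
external-ip=<IP address>
relay-threads=50
# Long-term credential mechanism (same as -a on the command line)
lt-cred-mech
# static-auth-secret is the shared secret that use-auth-secret (further down) relies on
static-auth-secret=<username>
user=<username>:<key>
userdb=/etc/turnuserdb.conf
#max-bps=102400
pidfile="/var/run/turnserver.pid"
no-loopback-peers
no-multicast-peers
sha256
mobility
no-cli
# Certificate and private key generated in section 3.2
cert=/etc/turn_server_cert.pem
pkey=/etc/turn_server_pkey.pem
stale-nonce
use-auth-secret
verbose
fingerprint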
The figure below shows the configuration on the virtual machine:
3.4.4 Run turnserver
Start turnserver with the following command:
sudo turnserver -L 192.168.186.141 -o -a -b /etc/turnuserdb.conf -f -r keda
4. Run and verify
4.1 Check that turnserver is running
4.2 Verify P2P traversal through turnserver
Use the turnutils_uclient tool to verify P2P traversal through turnserver; the command is as follows:
turnutils_uclient -u keda -w keda1234 192.168.186.141
The results are shown below.