table of Contents
STUN / TURN server set up
Compile and install
- Compile and install OpenSSL;
sudo apt-get install libssl-dev
- Compile and install the latest version of libevent;
wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar xvfz libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable
./configure
make
sudo make install
- coturn may choose to use multiple databases, the SQLite is used herein, using the command
sudo apt-get install sqlite
(or sqlite3) andsudo apt-get install libsqlite3-dev
(or sqlite3-dev) is mounted; - Compile coturn;
download coturn
tar xvfz turnserver-<...>.tar.gz
./configure
make
sudo make install
Do not use --prefix = / opt parameter when executing ./configure command, because OpenSSL is installed in the default location via apt-get, if you install to a different location libevent will not find the OpenSSL library files.
After the installation is complete, generate six executable files in the bin directory:
- turnserver - STUN / TURN server
- turnadmin - used to configure, manage accounts
- turnutils_stunclient - STUN service for testing
- turnutils_uclient TURN service for testing, simulation plurality of UDP, TCP, TLS, or type of client DTLS
- turnutils_peer
- turnutils_rfc5769check
Configured to use
Add user
$ sudo turnadmin -a -u you_name -p you_password -r you_realm
This uses a default SQLite database, which -a
represents a long-term user add, -u <user>
user name, -p <password>
a password, -r <realm>
Realm belongs to the user. Realm need to specify when you start turnserver, only the user can log in to the Realm.
Attention must be configured with root privileges, otherwise it will fail to configure, but no error.
Start server
End users can configure after the start turnserver, and needs a configuration file before the first start, which is generated using the template, then you can start turnserver up.
sudo cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf
sudo turnserver -a -f -v -r lynky
Wherein the -a
indication mechanism for long-term, -r
for the Realm specified, only the user can be used in this Realm server.
test
You can use Trickle ICE test
STUN
Use the following command to test the use of STUN service is available, the only parameter is the IP address or domain name of the STUN server.
turnutils_stunclient 132.232.100.103
TURN
Use the following command to test the service using TURN available, it is worth noting that the user must specify under Realm when turnserver start.
turnutils_uclient -u lynky -w lynky123 132.232.100.103
boot
modify/etc/turnserver.conf
listening-ip=127.0.0.1
listening-ip=172.16.0.99 # 内网ip
external-ip=221.208.117.45 # 公网ip,如果服务器在NAT后需要指定该参数
fingerprint
lt-cred-mech
realm=<you_realm_name>
Add to/etc/systemd/system/turnserver.service
[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/var/run/turnserver.pid
ExecStart=/usr/local/bin/turnserver --daemon --pidfile /var/run/turnserver.pid -c /etc/turnserver.conf
ExecStopPost=/usr/bin/rm -f /var/run/turnserver.pid
Restart=on-abort
LimitCORE=infinity
LimitNOFILE=999999
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
Then execute the following command
# 使服务自动启动
sudo systemctl enable turnserver.service
# 启动服务
sudo systemctl start turnserver
# 停止服务
sudo systemctl stop turnserver
reference
[1] network connection under WebRTC: the STUN, the TURN, the ICE, the TCP
[2] yourself build WebRTC TURN & STUN server
[. 3] CoturnConfig