[TOC]

# Disclaimer: this deployment follows this blog post exactly

```
https://blog.csdn.net/fightfaith/article/details/73276323
```

# Installing and configuring turnserver

## Chapter 1 Related links

```
https://github.com/coturn/coturn
https://github.com/coturn/coturn/wiki/turnserver
https://github.com/coturn/coturn/blob/master/INSTALL
```

## Chapter 2 Installation and configuration

### 2.1 Installation

```
[root@webrtc-80 ~]# apt-get update
[root@webrtc-80 ~]# apt-get install coturn -y
[root@webrtc-80 ~]# dpkg -L coturn
```

### 2.2 Configuration

#### 2.2.1 Configuration file path

```
/etc/turnserver.conf
```

#### 2.2.2 Configuration changes

```
listening-port=3478
tls-listening-port=5349
listening-ip=192.168.47.80
relay-ip=192.168.47.80
external-ip=192.168.47.80
server-name=test.com
realm=test.com
lt-cred-mech
userdb=/var/lib/turn/turndb
cert=/etc/turn_server_cert.pem
pkey=/etc/turn_server_pkey.pem
no-stdout-log
log-file=/var/tmp/turnserver.log
pidfile="/var/run/turnserver.pid"
```

#### 2.2.3 Meaning of the configuration fields

```
listening-port: the UDP/TCP port turnserver listens on; default 3478;
tls-listening-port: the TLS/DTLS port turnserver listens on; default 5349.
    Defining separate listening ports for TCP/UDP and TLS/DTLS conforms to RFC 5766;
    the two can be configured to share one port, but this is not recommended;
listening-ip: listening IP address of the relay server; more than one can be configured;
relay-ip: IP address of the relay server;
external-ip: external IP, specified when the relay server sits inside a NAT network; it can be left out here;
server-name: server name, used for OAuth authentication; defaults to the realm;
realm: domain name;
userdb: used to store user information;
cert/pkey: self-signed certificate files;
```

#### 2.2.4 Notes

```
1) coturn uses SQLite for storage. Make sure userdb is configured correctly
   (userdb=/var/lib/turn/turndb). There is no need to add a turnuserdb.conf file
   (turnuserdb.conf is mostly used in restund-style configuration);
2) The self-signed certificate configured in cert and pkey is generated with the OpenSSL command
   openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes
3) After the configuration succeeds, generate a username/password
   turnadmin -k -u -r -p   //turnadmin -k -a -u btzh -r ice.btzh.net -p webrtc
   Running the command above creates a user/password and adds it to the SQLite database.
   For the meaning of the parameters, see man turnadmin
```

#### 2.2.5 Certificate generation

```
[root@webrtc-80 ~]# openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes
[root@webrtc-80 ~]# turnadmin -k -u -r -p //turnadmin -k -a -u btzh -r ice.btzh.net -p webrtc
0: log file opened: /var/log/turn_18903_2018-04-08.log
0: Config file found: /root/../etc/turnuserdb.conf
[root@webrtc-80 ~]# ll /etc/turn_server_*
-rw-r--r-- 1 root root 1.7K Apr 8 17:26 /etc/turn_server_pkey.pem
-rw-r--r-- 1 root root 1.3K Apr 8 17:26 /etc/turn_server_cert.pem
```

### 2.3 Starting the service

Start in the background. Here the background start failed; the cause was not determined.

```
service coturn start
```

Start in the foreground

```
turnserver
```

For the first run, start in the foreground: it shows the current running status, and any errors are printed directly to the console.

```
[root@webrtc-80 ~]# turnserver
0: log file opened: /var/log/turn_18927_2018-04-08.log
0: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server Version Coturn-4.2.1.2 'Monza'
0: Max number of open files/sockets allowed for this process: 65536
0: Due to the open files/sockets limitation, max supported number of TURN Sessions possible is: 32500 (approximately)
0: ==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: AEAD supported
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0: OpenSSL compile-time version 0x1000105f: fresh enough
0: Default Net Engine version: 2 (UDP thread per network endpoint)
=====================================================
0: Config file found: /root/../etc/turnserver.conf
0: Listener address to use: 192.168.47.80
0: Relay address to use: 192.168.47.80
```

### 2.4 Verifying the listeners

```
[root@webrtc-80 ~]# lsof -n -i4TCP:3478 | grep LISTEN
turnserve 18927 root 27u IPv4 31966 0t0 TCP 192.168.47.80:3478 (LISTEN)
[root@webrtc-80 ~]# lsof -n -i4TCP:5349 | grep LISTEN
turnserve 18927 root 28u IPv4 31967 0t0 TCP 192.168.47.80:5349 (LISTEN)
```

### 2.5 Verifying the service

```
[root@webrtc-80 ~]# echo "192.168.47.80 test.com" >> /etc/hosts
[root@webrtc-80 ~]# ping test.com
PING test.com (192.168.47.80) 56(84) bytes of data.
64 bytes from test.com (192.168.47.80): icmp_seq=1 ttl=64 time=0.014 ms
[root@webrtc-80 ~]# curl 192.168.47.80:3478
<!DOCTYPE html>
<html>
<head>
<title>TURN Server</title>
</head>
<body>
TURN Server
</body>
</html>
[root@webrtc-80 ~]# curl test.com:3478
<!DOCTYPE html>
<html>
<head>
<title>TURN Server</title>
</head>
<body>
TURN Server
</body>
</html>
```

In a browser, after adding the hosts entry, open http://test.com:3478

![](https://box.kancloud.cn/73ffe28e0f6b5520d121dc96cac6ebc3_466x125.png)

### 2.6 Viewing the logs

```
[root@webrtc-80 ~]# tail -f /var/tmp/turnserver_2018-04-08.log
0: IO method (udp listener/relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: turn server id=128 created
0: IO method (udp listener/relay thread): epoll (with changelist)
0: turn server id=129 created
0: Total UDP servers: 2
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (cli thread): epoll (with changelist)
15: read_client_connection: HTTP request: GET / HTTP/1.1
Host: test.com:3478
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
```
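
An added example (not from the original post or from coturn) that checks a `turnserver.conf` for the settings made in 2.2: a credential mechanism, separate plain and TLS ports, `cert`/`pkey`, and the permissions of the private key file, which the `ll` output in 2.2.5 shows as `-rw-r--r--`. The function names are made up here, and `use-auth-secret` is a coturn option that this page does not use.

```python
import os
import stat


def parse_turn_conf(text):
    """Parse turnserver.conf text: 'key=value' lines and bare flags (-> True)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        conf[key.strip()] = value.strip().strip('"') if sep else True
    return conf


def audit_turn_conf(conf):
    """Return a list of findings for the settings this page configures."""
    findings = []
    # lt-cred-mech is the mechanism used on this page; use-auth-secret is the
    # other coturn credential option (not used on the page).
    if "lt-cred-mech" not in conf and "use-auth-secret" not in conf:
        findings.append("no credential mechanism enabled (lt-cred-mech)")
    if conf.get("listening-port", "3478") == conf.get("tls-listening-port", "5349"):
        findings.append("plain and TLS listeners share one port")
    for key in ("cert", "pkey"):
        if key not in conf:
            findings.append("%s is not set (needed for the TLS/DTLS listener)" % key)
    pkey = conf.get("pkey")
    if isinstance(pkey, str) and os.path.exists(pkey):
        mode = stat.S_IMODE(os.stat(pkey).st_mode)
        if mode & stat.S_IRWXO:  # any permission bit for "others"
            findings.append("private key %s is accessible to all users (mode %04o)"
                            % (pkey, mode))
    return findings


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/turnserver.conf"
    if os.path.exists(path):
        with open(path) as fh:
            for finding in audit_turn_conf(parse_turn_conf(fh.read())):
                print("WARN:", finding)
```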