知乎专栏 |
目录
RFC 文档
TURN specs: RFC 5766 - base TURN specs RFC 6156 - IPv6 extension for TURN Experimental DTLS support as client protocol. STUN specs: RFC 5389 - base "new" STUN specs RFC 5769 - test vectors for STUN protocol testing RFC 5780 - NAT behavior discovery support RFC 3489 STUN1
coturn 主要有两个包,分别是 coturn 和 coturn-utils,coturn-client-devel 我们用不到
[root@netkiller ~]# dnf search coturn Last metadata expiration check: 1:40:06 ago on Fri 07 Feb 2025 10:27:51 PM CST. ========================================= Name Exactly Matched: coturn ========================================= coturn.x86_64 : TURN/STUN & ICE Server ======================================== Name & Summary Matched: coturn ======================================== coturn-client-devel.x86_64 : Coturn client development headers coturn-utils.x86_64 : Coturn utils ============================================= Name Matched: coturn ============================================= coturn-client-libs.x86_64 : TURN client static library
安装 coturn 服务器
[root@netkiller ~]# dnf install coturn coturn-utils -y
查看一下包内有那些工具
[root@netkiller ~]# rpm -ql coturn | egrep "bin|etc" /etc/coturn /etc/coturn/turnserver.conf /etc/logrotate.d/coturn /etc/pki/coturn /etc/pki/coturn/private /etc/pki/coturn/public /usr/bin/turnadmin /usr/bin/turnserver /usr/share/doc/coturn/etc /usr/share/doc/coturn/etc/turnserver.conf [root@netkiller ~]# rpm -ql coturn-utils | grep bin /usr/bin/turnutils_natdiscovery /usr/bin/turnutils_oauth /usr/bin/turnutils_peer /usr/bin/turnutils_stunclient /usr/bin/turnutils_uclient
备份配置文件
cp /etc/coturn/turnserver.conf{,.original}
生成证书
openssl req -x509 -newkey rsa:2048 -keyout /etc/pki/coturn/private/turn_server_pkey.pem -out /etc/pki/coturn/public/turn_server_cert.pem -days 365 -nodes
创建用户和密码
turnadmin -a -u netkiller -p 123456 -r rtc.netkiller.cn
也可以通过配置文件 /etc/coturn/turnserver.conf 创建静态用户和密码
user=netkiller:123456 realm=rtc.netkiller.cn
开放防火墙端口
firewall-cmd --zone=public --add-port=3478/udp --permanent firewall-cmd --zone=public --add-port=5349/udp --permanent firewall-cmd --reload
/etc/coturn/turnserver.conf 配置文件
listening-ip=0.0.0.0 # 配置为0.0.0.0即可,会监听所有ip请求 listening-port=3478 # STUN服务端口为3478 tls-listening-port=5349 # STUN的 TLS 监听端口 relay-ip 配置为服务器的外网ip地址 external-ip 配置为服务器的外网ip地址
仅供参考
[root@netkiller ~]# grep -v ^# /etc/coturn/turnserver.conf | grep -v "^$" relay-ip=192.168.0.71 external-ip=139.29.154.210 user=neo:netkiller realm=netkiller.cn cert=/etc/pki/coturn/public/turn_server_cert.pem pkey=/etc/pki/coturn/private/turn_server_pkey.pem log-file=/var/log/coturn/turnserver.log simple-log cli-ip=127.0.0.1 cli-port=5766 cli-password=qwerty no-rfc5780 no-stun-backward-compatibility response-origin-only-with-rfc5780
启动服务
systemctl enable coturn systemctl start coturn
# 使用主机网络模式以支持全范围的端口映射
version: '3' services: coturn: image: coturn/coturn:latest container_name: coturn_server restart: unless-stopped network_mode: host volumes: # 映射配置文件 - /srv/etc/coturn/turnserver.conf:/etc/coturn/turnserver.conf:ro # 映射 TLS 证书和私钥(如果使用) - /srv/etc/coturn/certs:/etc/coturn/certs:ro
[root@netkiller ~]# grep -v ^# /etc/coturn/turnserver.conf | grep -v "^$" relay-ip=192.168.0.1 external-ip=139.19.154.21 user=neo:netkiller realm=netkiller.cn log-file=/var/log/coturn/turnserver.log simple-log cli-ip=127.0.0.1 cli-port=5766 cli-password=qwerty no-rfc5780 no-stun-backward-compatibility response-origin-only-with-rfc5780
var iceServers = { iceServers: [ { urls: 'turn:your-external-ip-address:3478', username: 'netkiller', credential: '123456' }] }; connection = new RTCPeerConnection(iceServers);
测试程序 turnutils_uclient
接着对使用coturn搭建的STUN/TURN服务使用turnutils_uclient程序测试其TURN服务是否正常。 直接连接服务测试服务是否正常。为保证测试使用的服务是TURN服务,在TURN服务启动时,关掉STUN服务。 在TURN服务启动时,如果是命令行,加入"--no-stun"配置;如果使用配置文件的话,加入"no-stun"选项。 使用coTurn服务启动TURN服务后,执行以下命令即可: turnutils_uclient -v -t -T -u <user> -w <password> xxx.xxx.xxx.xxx 参数说明: -v 表示给出详细提示 -t 使用TCP协议(默认使用UDP) -T TCP协议中继传输(默认是UDP) -u TURN的用户名 -w TURN服务对应用户的密码 xxx.xxx.xxx.xxx TURN服务的IP地址
确认端口状态
[root@netkiller ~]# lsof -i :3478 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME turnserve 2003533 coturn 24u IPv4 25225693 0t0 TCP localhost:stun (LISTEN) turnserve 2003533 coturn 25u IPv4 25231980 0t0 TCP localhost:stun (LISTEN) turnserve 2003533 coturn 26u IPv4 25225694 0t0 TCP netkiller:stun (LISTEN) turnserve 2003533 coturn 27u IPv4 25225695 0t0 TCP netkiller:stun (LISTEN)
[root@netkiller ~]# turnutils_uclient -v -t -T -u neo -w netkiller 127.0.0.1 0: (2003881): INFO: IPv4. Connected from: 127.0.0.1:58632 0: (2003881): INFO: IPv4. Connected to: 127.0.0.1:3478 0: (2003881): INFO: allocate sent 0: (2003881): INFO: allocate response received: 0: (2003881): INFO: allocate sent 0: (2003881): INFO: allocate response received: 0: (2003881): INFO: success 0: (2003881): INFO: IPv4. Received relay addr: 139.9.54.21:64324 0: (2003881): INFO: clnet_allocate: rtv=0 0: (2003881): INFO: refresh sent 0: (2003881): INFO: refresh response received: 0: (2003881): INFO: success 0: (2003881): INFO: IPv4. Connected from: 127.0.0.1:58642 0: (2003881): INFO: IPv4. Connected to: 127.0.0.1:3478 0: (2003881): INFO: IPv4. Connected from: 127.0.0.1:58644 0: (2003881): INFO: IPv4. Connected to: 127.0.0.1:3478 0: (2003881): INFO: allocate sent 0: (2003881): INFO: allocate response received: 0: (2003881): INFO: allocate sent 0: (2003881): INFO: allocate response received: 0: (2003881): INFO: success 0: (2003881): INFO: IPv4. Received relay addr: 139.9.54.21:60677 0: (2003881): INFO: clnet_allocate: rtv=0 0: (2003881): INFO: refresh sent 0: (2003881): INFO: refresh response received: 0: (2003881): INFO: success 0: (2003881): INFO: allocate sent 0: (2003881): INFO: allocate response received: 0: (2003881): INFO: allocate sent 0: (2003881): INFO: allocate response received: 0: (2003881): INFO: success 0: (2003881): INFO: IPv4. Received relay addr: 139.9.54.21:57197 0: (2003881): INFO: clnet_allocate: rtv=0 0: (2003881): INFO: refresh sent 0: (2003881): INFO: refresh response received: 0: (2003881): INFO: success 0: (2003881): INFO: create perm sent: 139.9.54.21:57197 0: (2003881): INFO: cp response received: 0: (2003881): INFO: success 0: (2003881): INFO: create perm sent: 139.9.54.21:60677 0: (2003881): INFO: cp response received: 0: (2003881): INFO: success 0: (2003881): INFO: tcp connect sent 0: (2003881): INFO: connection bind sent 0: (2003881): INFO: connect bind response received: 0: (2003881): INFO: success 0: (2003881): INFO: IPv4. TCP data network connected to: 127.0.0.1:3478 0: (2003881): INFO: connection bind sent 0: (2003881): INFO: connect bind response received: 0: (2003881): INFO: success 0: (2003881): INFO: IPv4. TCP data network connected to: 127.0.0.1:3478 0: (2003881): INFO: Total connect time is 0 0: (2003881): INFO: 2 connections are completed 1: (2003881): INFO: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0 2: (2003881): INFO: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500 3: (2003881): INFO: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500 3: (2003881): INFO: done, connection 0x7f009c80e010 closed. 3: (2003881): INFO: done, connection 0x7f009c82f010 closed. 3: (2003881): INFO: start_mclient: tot_send_msgs=10, tot_recv_msgs=10 3: (2003881): INFO: start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000 3: (2003881): INFO: Total transmit time is 3 3: (2003881): INFO: Total lost packets 0 (0.000000%), total send dropped 0 (0.000000%) 3: (2003881): INFO: Average round trip delay 4.300000 ms; min = 0 ms, max = 21 ms 3: (2003881): INFO: Average jitter 8.400000 ms; min = 0 ms, max = 21 ms
[root@netkiller ~]# turnutils_stunclient -p 3478 127.0.0.1 0: (2004030): INFO: IPv4. UDP reflexive addr: 127.0.0.1:45826
[root@netkiller ~]# turnutils_natdiscovery -m 127.0.0.1 -= Mapping Behavior Discovery =- 0: (2003693): INFO: IPv4. UDP reflexive addr: 127.0.0.1:39570 0: (2003693): INFO: IPv4. Local addr: : 0.0.0.0:39570 [root@netkiller ~]# turnutils_natdiscovery -f 127.0.0.1 -= Filtering Behavior Discovery =- 0: (2003696): INFO: IPv4. UDP reflexive addr: 127.0.0.1:57186 0: (2003696): INFO: IPv4. Local addr: : 0.0.0.0:57186
[root@netkiller ~]# turnutils_peer -v 0: (2003645): INFO: Start 0: (2003645): INFO: End 0: (2003645): INFO: Start 0: (2003645): INFO: End 0: (2003645): INFO: Start 0: (2003645): INFO: End 0: (2003645): INFO: Start 0: (2003645): INFO: End
[root@netkiller ~]# journalctl -f -u coturn.service Feb 09 12:17:58 netkiller systemd[1]: Stopping coturn... Feb 09 12:17:58 netkiller systemd[1]: coturn.service: Deactivated successfully. Feb 09 12:17:58 netkiller systemd[1]: Stopped coturn. Feb 09 12:17:58 netkiller systemd[1]: Starting coturn... Feb 09 12:17:58 netkiller systemd[1]: Started coturn. Feb 09 12:29:50 netkiller systemd[1]: Stopping coturn... Feb 09 12:29:53 netkiller systemd[1]: coturn.service: Deactivated successfully. Feb 09 12:29:53 netkiller systemd[1]: Stopped coturn. Feb 09 12:29:53 netkiller systemd[1]: Starting coturn... Feb 09 12:29:53 netkiller systemd[1]: Started coturn.
[root@netkiller ~]# ss -lnu | grep 5349 | uniq UNCONN 0 0 172.20.0.1:5349 0.0.0.0:* UNCONN 0 0 172.19.0.1:5349 0.0.0.0:* UNCONN 0 0 172.18.0.1:5349 0.0.0.0:* UNCONN 0 0 172.17.0.1:5349 0.0.0.0:* UNCONN 0 0 192.168.0.71:5349 0.0.0.0:* UNCONN 0 0 127.0.0.1:5349 0.0.0.0:* UNCONN 0 0 [::1]:5349 [::]:*
[root@netkiller ~]# lsof -i :5349 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME turnserve 3682428 coturn 17u IPv4 457568013 0t0 TCP localhost:stuns (LISTEN) turnserve 3682428 coturn 23u IPv4 457568015 0t0 TCP netkiller:stuns (LISTEN) turnserve 3682428 coturn 25u IPv4 457568017 0t0 TCP netkiller:stuns (LISTEN) turnserve 3682428 coturn 27u IPv4 457568019 0t0 TCP netkiller:stuns (LISTEN) turnserve 3682428 coturn 33u IPv4 457568021 0t0 TCP netkiller:stuns (LISTEN)
[root@netkiller ~]# turnutils_stunclient -p 5349 127.0.0.1 0: (3682626): INFO: IPv4. UDP reflexive addr: 127.0.0.1:56035
0: (3681669): WARNING: cannot find private key file: /etc/pki/coturn/private/turn_server_pkey.pem (1) 0: (3681669): WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
排除权限
[root@netkiller ~]# ll /etc/pki/coturn/private/turn_server_pkey.pem -rw------- 1 root root 1704 Feb 9 12:29 /etc/pki/coturn/private/turn_server_pkey.pem
修改权限
[root@netkiller ~]# chown coturn:coturn /etc/pki/coturn/private/turn_server_pkey.pem [root@netkiller ~]# ll /etc/pki/coturn/private/ total 4 -rw------- 1 coturn coturn 1704 Feb 9 12:29 turn_server_pkey.pem
重启,然后检查日志
==== Show him the instruments, Practical Frost: ==== 0: (3682428): INFO: OpenSSL compile-time version: OpenSSL 3.2.2 4 Jun 2024 (0x30200020) 0: (3682428): INFO: TLS 1.3 supported 0: (3682428): INFO: DTLS 1.2 supported 0: (3682428): INFO: TURN/STUN ALPN supported 0: (3682428): INFO: Third-party authorization (oAuth) supported 0: (3682428): INFO: GCM (AEAD) supported 0: (3682428): INFO: SQLite supported, default database location is /var/lib/coturn/turndb 0: (3682428): INFO: Redis supported 0: (3682428): INFO: PostgreSQL supported 0: (3682428): INFO: MySQL supported 0: (3682428): INFO: MongoDB is not supported 0: (3682428): INFO: Default Net Engine version: 3 (UDP thread per CPU core) 0: (3682428): INFO: Domain name: 0: (3682428): INFO: Default realm: stun.netkiller.cn 0: (3682428): INFO: Certificate file found: /etc/pki/coturn/public/turn_server_cert.pem 0: (3682428): INFO: Private key file found: /etc/pki/coturn/private/turn_server_pkey.pem 0: (3682428): INFO: TLS cipher suite: ALL:!COMPLEMENTOFDEFAULT:!eNULL:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 0: (3682428): INFO: DTLS cipher suite: ALL:!COMPLEMENTOFDEFAULT:!eNULL:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 0: (3682428): WARNING: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED 0: (3682428): INFO: ===========Discovering listener addresses: ========= 0: (3682428): INFO: Listener address to use: 127.0.0.1 0: (3682428): INFO: Listener address to use: 192.168.0.71 0: (3682428): INFO: Listener address to use: 172.17.0.1 0: (3682428): INFO: Listener address to use: 172.18.0.1 0: (3682428): INFO: Listener address to use: 172.19.0.1 0: (3682428): INFO: Listener address to use: 172.20.0.1 0: (3682428): INFO: Listener address to use: ::1 0: (3682428): INFO: ===================================================== 0: (3682428): INFO: Total: 5 'real' addresses discovered 0: (3682428): INFO: ===================================================== 0: (3682428): INFO: pid file created: /run/coturn/turnserver.pid 0: (3682428): INFO: IO method: epoll (with changelist) 0: (3682428): INFO: RFC5780 disabled! /NAT behavior discovery/ 0: (3682428): INFO: Wait for relay ports initialization... 0: (3682428): INFO: relay 192.168.0.71 initialization... 0: (3682428): INFO: relay 192.168.0.71 initialization done 0: (3682428): INFO: Relay ports initialization done 0: (3682430): DEBUG: turn server id=0 created 0: (3682432): DEBUG: turn server id=2 created 0: (3682431): DEBUG: turn server id=1 created 0: (3682434): DEBUG: turn server id=4 created 0: (3682433): DEBUG: turn server id=3 created 0: (3682428): INFO: Total General servers: 8 0: (3682435): DEBUG: turn server id=5 created 0: (3682436): DEBUG: turn server id=6 created 0: (3682437): DEBUG: turn server id=7 created 0: (3682428): INFO: Total auth threads: 5 0: (3682428): INFO: turnserver compiled without prometheus support