Home | 简体中文 | 繁体中文 | 杂文 | Github | 知乎专栏 | Facebook | Linkedin | Youtube | 打赏(Donations) | About
知乎专栏

第 169 章 WebRTC/Ortc

目录

169.1. coturn - ICE Server
169.1.1. DNF 安装 coturn
169.1.2. TUN 配置例子
169.1.3. Javascript 连接 ICE Server 例子
169.1.4. 测试
169.1.5. FAQ

169.1. coturn - ICE Server

RFC 文档

		
TURN specs:  
   RFC 5766 - base TURN specs  
   RFC 6156 - IPv6 extension for TURN  
   Experimental DTLS support as client protocol.  


STUN specs:  
   RFC 5389 - base "new" STUN specs  
   RFC 5769 - test vectors for STUN protocol testing  
   RFC 5780 - NAT behavior discovery support  
   RFC 3489 STUN1 		
		
		

169.1.1. DNF 安装 coturn

coturn 主要有两个包,分别是 coturn 和 coturn-utils,coturn-client-devel 我们用不到

			
[root@netkiller ~]# dnf search coturn
Last metadata expiration check: 1:40:06 ago on Fri 07 Feb 2025 10:27:51 PM CST.
========================================= Name Exactly Matched: coturn =========================================
coturn.x86_64 : TURN/STUN & ICE Server
======================================== Name & Summary Matched: coturn ========================================
coturn-client-devel.x86_64 : Coturn client development headers
coturn-utils.x86_64 : Coturn utils
============================================= Name Matched: coturn =============================================
coturn-client-libs.x86_64 : TURN client static library			
			
			

安装 coturn 服务器

			
[root@netkiller ~]# dnf install coturn coturn-utils -y			
			
			

查看一下包内有那些工具

			
[root@netkiller ~]# rpm -ql coturn | egrep "bin|etc"
/etc/coturn
/etc/coturn/turnserver.conf
/etc/logrotate.d/coturn
/etc/pki/coturn
/etc/pki/coturn/private
/etc/pki/coturn/public
/usr/bin/turnadmin
/usr/bin/turnserver
/usr/share/doc/coturn/etc
/usr/share/doc/coturn/etc/turnserver.conf

[root@netkiller ~]# rpm -ql coturn-utils | grep bin
/usr/bin/turnutils_natdiscovery
/usr/bin/turnutils_oauth
/usr/bin/turnutils_peer
/usr/bin/turnutils_stunclient
/usr/bin/turnutils_uclient	
			
			

备份配置文件

			
cp /etc/coturn/turnserver.conf{,.original}
			
			

生成证书

			
openssl req -x509 -newkey rsa:2048 -keyout /etc/pki/coturn/private/turn_server_pkey.pem -out /etc/pki/coturn/public/turn_server_cert.pem -days 365 -nodes			
			
			

创建用户和密码

			
turnadmin -a -u netkiller -p 123456 -r rtc.netkiller.cn
			
			

也可以通过配置文件 /etc/coturn/turnserver.conf 创建静态用户和密码

			
user=netkiller:123456
realm=rtc.netkiller.cn		
			
			

开放防火墙端口

			
firewall-cmd --zone=public --add-port=3478/udp --permanent
firewall-cmd --zone=public --add-port=5349/udp --permanent
firewall-cmd --reload			
			
			

/etc/coturn/turnserver.conf 配置文件

			
listening-ip=0.0.0.0 	# 配置为0.0.0.0即可,会监听所有ip请求
listening-port=3478 	# STUN服务端口为3478
tls-listening-port=5349	# STUN的 TLS 监听端口
relay-ip		配置为服务器的外网ip地址
external-ip 	配置为服务器的外网ip地址			
			
			

仅供参考

		
[root@netkiller ~]# grep -v ^# /etc/coturn/turnserver.conf | grep -v "^$"
relay-ip=192.168.0.71
external-ip=139.29.154.210
user=neo:netkiller
realm=netkiller.cn
cert=/etc/pki/coturn/public/turn_server_cert.pem
pkey=/etc/pki/coturn/private/turn_server_pkey.pem
log-file=/var/log/coturn/turnserver.log
simple-log
cli-ip=127.0.0.1
cli-port=5766
cli-password=qwerty
no-rfc5780
no-stun-backward-compatibility
response-origin-only-with-rfc5780		
		
			

启动服务

			
systemctl enable coturn
systemctl start coturn			
			
			

169.1.1.1. Docker 安装 coturn

# 使用主机网络模式以支持全范围的端口映射

			
version: '3'

services:
  coturn:
    image: coturn/coturn:latest
    container_name: coturn_server
    restart: unless-stopped
    network_mode: host
    volumes:
      # 映射配置文件
      - /srv/etc/coturn/turnserver.conf:/etc/coturn/turnserver.conf:ro
      # 映射 TLS 证书和私钥(如果使用)
      - /srv/etc/coturn/certs:/etc/coturn/certs:ro			
			
				

169.1.2. TUN 配置例子

			
[root@netkiller ~]# grep -v ^# /etc/coturn/turnserver.conf | grep -v "^$"
relay-ip=192.168.0.1
external-ip=139.19.154.21
user=neo:netkiller
realm=netkiller.cn
log-file=/var/log/coturn/turnserver.log
simple-log
cli-ip=127.0.0.1
cli-port=5766
cli-password=qwerty
no-rfc5780
no-stun-backward-compatibility
response-origin-only-with-rfc5780			
			
			

			
			
			
			

169.1.3. Javascript 连接 ICE Server 例子

			
var iceServers = {
    iceServers: [
        {
            urls: 'turn:your-external-ip-address:3478',
            username: 'netkiller',
            credential: '123456'
        }]
};

connection = new RTCPeerConnection(iceServers);
			
			
			

169.1.4. 测试

测试程序 turnutils_uclient

			
接着对使用coturn搭建的STUN/TURN服务使用turnutils_uclient程序测试其TURN服务是否正常。
直接连接服务测试服务是否正常。为保证测试使用的服务是TURN服务,在TURN服务启动时,关掉STUN服务。
在TURN服务启动时,如果是命令行,加入"--no-stun"配置;如果使用配置文件的话,加入"no-stun"选项。
使用coTurn服务启动TURN服务后,执行以下命令即可:

turnutils_uclient -v -t -T -u <user> -w <password> xxx.xxx.xxx.xxx

参数说明:

-v 表示给出详细提示
-t 使用TCP协议(默认使用UDP)
-T TCP协议中继传输(默认是UDP)
-u TURN的用户名
-w TURN服务对应用户的密码
xxx.xxx.xxx.xxx TURN服务的IP地址
			
			

169.1.4.1. TUN

确认端口状态

			
[root@netkiller ~]# lsof -i :3478
COMMAND       PID   USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
turnserve 2003533 coturn   24u  IPv4 25225693      0t0  TCP localhost:stun (LISTEN)
turnserve 2003533 coturn   25u  IPv4 25231980      0t0  TCP localhost:stun (LISTEN)
turnserve 2003533 coturn   26u  IPv4 25225694      0t0  TCP netkiller:stun (LISTEN)
turnserve 2003533 coturn   27u  IPv4 25225695      0t0  TCP netkiller:stun (LISTEN)			
			
				
			
[root@netkiller ~]# turnutils_uclient -v -t -T -u neo -w netkiller 127.0.0.1
0: (2003881): INFO: IPv4. Connected from: 127.0.0.1:58632
0: (2003881): INFO: IPv4. Connected to: 127.0.0.1:3478
0: (2003881): INFO: allocate sent
0: (2003881): INFO: allocate response received: 
0: (2003881): INFO: allocate sent
0: (2003881): INFO: allocate response received: 
0: (2003881): INFO: success
0: (2003881): INFO: IPv4. Received relay addr: 139.9.54.21:64324
0: (2003881): INFO: clnet_allocate: rtv=0
0: (2003881): INFO: refresh sent
0: (2003881): INFO: refresh response received: 
0: (2003881): INFO: success
0: (2003881): INFO: IPv4. Connected from: 127.0.0.1:58642
0: (2003881): INFO: IPv4. Connected to: 127.0.0.1:3478
0: (2003881): INFO: IPv4. Connected from: 127.0.0.1:58644
0: (2003881): INFO: IPv4. Connected to: 127.0.0.1:3478
0: (2003881): INFO: allocate sent
0: (2003881): INFO: allocate response received: 
0: (2003881): INFO: allocate sent
0: (2003881): INFO: allocate response received: 
0: (2003881): INFO: success
0: (2003881): INFO: IPv4. Received relay addr: 139.9.54.21:60677
0: (2003881): INFO: clnet_allocate: rtv=0
0: (2003881): INFO: refresh sent
0: (2003881): INFO: refresh response received: 
0: (2003881): INFO: success
0: (2003881): INFO: allocate sent
0: (2003881): INFO: allocate response received: 
0: (2003881): INFO: allocate sent
0: (2003881): INFO: allocate response received: 
0: (2003881): INFO: success
0: (2003881): INFO: IPv4. Received relay addr: 139.9.54.21:57197
0: (2003881): INFO: clnet_allocate: rtv=0
0: (2003881): INFO: refresh sent
0: (2003881): INFO: refresh response received: 
0: (2003881): INFO: success
0: (2003881): INFO: create perm sent: 139.9.54.21:57197
0: (2003881): INFO: cp response received: 
0: (2003881): INFO: success
0: (2003881): INFO: create perm sent: 139.9.54.21:60677
0: (2003881): INFO: cp response received: 
0: (2003881): INFO: success
0: (2003881): INFO: tcp connect sent
0: (2003881): INFO: connection bind sent
0: (2003881): INFO: connect bind response received: 
0: (2003881): INFO: success
0: (2003881): INFO: IPv4. TCP data network connected to: 127.0.0.1:3478
0: (2003881): INFO: connection bind sent
0: (2003881): INFO: connect bind response received: 
0: (2003881): INFO: success
0: (2003881): INFO: IPv4. TCP data network connected to: 127.0.0.1:3478
0: (2003881): INFO: Total connect time is 0
0: (2003881): INFO: 2 connections are completed
1: (2003881): INFO: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
2: (2003881): INFO: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500
3: (2003881): INFO: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500
3: (2003881): INFO: done, connection 0x7f009c80e010 closed.
3: (2003881): INFO: done, connection 0x7f009c82f010 closed.
3: (2003881): INFO: start_mclient: tot_send_msgs=10, tot_recv_msgs=10
3: (2003881): INFO: start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000
3: (2003881): INFO: Total transmit time is 3
3: (2003881): INFO: Total lost packets 0 (0.000000%), total send dropped 0 (0.000000%)
3: (2003881): INFO: Average round trip delay 4.300000 ms; min = 0 ms, max = 21 ms
3: (2003881): INFO: Average jitter 8.400000 ms; min = 0 ms, max = 21 ms			
			
				
			
[root@netkiller ~]# turnutils_stunclient -p 3478 127.0.0.1
0: (2004030): INFO: IPv4. UDP reflexive addr: 127.0.0.1:45826				
			
				
			
[root@netkiller ~]# turnutils_natdiscovery -m 127.0.0.1

-= Mapping Behavior Discovery =-
0: (2003693): INFO: IPv4. UDP reflexive addr: 127.0.0.1:39570
0: (2003693): INFO: IPv4. Local addr: : 0.0.0.0:39570

[root@netkiller ~]# turnutils_natdiscovery -f 127.0.0.1

-= Filtering Behavior Discovery =-
0: (2003696): INFO: IPv4. UDP reflexive addr: 127.0.0.1:57186
0: (2003696): INFO: IPv4. Local addr: : 0.0.0.0:57186			
			
				
			
[root@netkiller ~]# turnutils_peer -v
0: (2003645): INFO: Start
0: (2003645): INFO: End
0: (2003645): INFO: Start
0: (2003645): INFO: End
0: (2003645): INFO: Start
0: (2003645): INFO: End
0: (2003645): INFO: Start
0: (2003645): INFO: End			
			
				

			
[root@netkiller ~]# journalctl -f -u coturn.service
Feb 09 12:17:58 netkiller systemd[1]: Stopping coturn...
Feb 09 12:17:58 netkiller systemd[1]: coturn.service: Deactivated successfully.
Feb 09 12:17:58 netkiller systemd[1]: Stopped coturn.
Feb 09 12:17:58 netkiller systemd[1]: Starting coturn...
Feb 09 12:17:58 netkiller systemd[1]: Started coturn.
Feb 09 12:29:50 netkiller systemd[1]: Stopping coturn...
Feb 09 12:29:53 netkiller systemd[1]: coturn.service: Deactivated successfully.
Feb 09 12:29:53 netkiller systemd[1]: Stopped coturn.
Feb 09 12:29:53 netkiller systemd[1]: Starting coturn...
Feb 09 12:29:53 netkiller systemd[1]: Started coturn.			
			
				

169.1.4.2. STUN

				
[root@netkiller ~]# ss -lnu | grep 5349 | uniq 
UNCONN 0      0         172.20.0.1:5349       0.0.0.0:*          
UNCONN 0      0         172.19.0.1:5349       0.0.0.0:*          
UNCONN 0      0         172.18.0.1:5349       0.0.0.0:*          
UNCONN 0      0         172.17.0.1:5349       0.0.0.0:*          
UNCONN 0      0       192.168.0.71:5349       0.0.0.0:*          
UNCONN 0      0          127.0.0.1:5349       0.0.0.0:*          
UNCONN 0      0              [::1]:5349          [::]:* 				
				
				

				
[root@netkiller ~]# lsof -i :5349
COMMAND       PID   USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
turnserve 3682428 coturn   17u  IPv4 457568013      0t0  TCP localhost:stuns (LISTEN)
turnserve 3682428 coturn   23u  IPv4 457568015      0t0  TCP netkiller:stuns (LISTEN)
turnserve 3682428 coturn   25u  IPv4 457568017      0t0  TCP netkiller:stuns (LISTEN)
turnserve 3682428 coturn   27u  IPv4 457568019      0t0  TCP netkiller:stuns (LISTEN)
turnserve 3682428 coturn   33u  IPv4 457568021      0t0  TCP netkiller:stuns (LISTEN)				
							
				
				
[root@netkiller ~]# turnutils_stunclient -p 5349 127.0.0.1
0: (3682626): INFO: IPv4. UDP reflexive addr: 127.0.0.1:56035
				
				

169.1.5. FAQ

169.1.5.1. cannot find private key file

				
0: (3681669): WARNING: cannot find private key file: /etc/pki/coturn/private/turn_server_pkey.pem (1)
0: (3681669): WARNING: cannot start TLS and DTLS listeners because private key file is not set properly			
				
				

排除权限

				
[root@netkiller ~]# ll /etc/pki/coturn/private/turn_server_pkey.pem
-rw------- 1 root root 1704 Feb  9 12:29 /etc/pki/coturn/private/turn_server_pkey.pem				
							
				

修改权限

				
[root@netkiller ~]# chown coturn:coturn /etc/pki/coturn/private/turn_server_pkey.pem
[root@netkiller ~]# ll /etc/pki/coturn/private/
total 4
-rw------- 1 coturn coturn 1704 Feb  9 12:29 turn_server_pkey.pem				
				
				

重启,然后检查日志

				
==== Show him the instruments, Practical Frost: ====

0: (3682428): INFO: OpenSSL compile-time version: OpenSSL 3.2.2 4 Jun 2024 (0x30200020)
0: (3682428): INFO: TLS 1.3 supported
0: (3682428): INFO: DTLS 1.2 supported
0: (3682428): INFO: TURN/STUN ALPN supported
0: (3682428): INFO: Third-party authorization (oAuth) supported
0: (3682428): INFO: GCM (AEAD) supported
0: (3682428): INFO: SQLite supported, default database location is /var/lib/coturn/turndb
0: (3682428): INFO: Redis supported
0: (3682428): INFO: PostgreSQL supported
0: (3682428): INFO: MySQL supported
0: (3682428): INFO: MongoDB is not supported
0: (3682428): INFO: Default Net Engine version: 3 (UDP thread per CPU core)
0: (3682428): INFO: Domain name: 
0: (3682428): INFO: Default realm: stun.netkiller.cn
0: (3682428): INFO: Certificate file found: /etc/pki/coturn/public/turn_server_cert.pem
0: (3682428): INFO: Private key file found: /etc/pki/coturn/private/turn_server_pkey.pem
0: (3682428): INFO: TLS cipher suite: ALL:!COMPLEMENTOFDEFAULT:!eNULL:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
0: (3682428): INFO: DTLS cipher suite: ALL:!COMPLEMENTOFDEFAULT:!eNULL:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
0: (3682428): WARNING: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: (3682428): INFO: ===========Discovering listener addresses: =========
0: (3682428): INFO: Listener address to use: 127.0.0.1
0: (3682428): INFO: Listener address to use: 192.168.0.71
0: (3682428): INFO: Listener address to use: 172.17.0.1
0: (3682428): INFO: Listener address to use: 172.18.0.1
0: (3682428): INFO: Listener address to use: 172.19.0.1
0: (3682428): INFO: Listener address to use: 172.20.0.1
0: (3682428): INFO: Listener address to use: ::1
0: (3682428): INFO: =====================================================
0: (3682428): INFO: Total: 5 'real' addresses discovered
0: (3682428): INFO: =====================================================
0: (3682428): INFO: pid file created: /run/coturn/turnserver.pid
0: (3682428): INFO: IO method: epoll (with changelist)
0: (3682428): INFO: RFC5780 disabled! /NAT behavior discovery/
0: (3682428): INFO: Wait for relay ports initialization...
0: (3682428): INFO:   relay 192.168.0.71 initialization...
0: (3682428): INFO:   relay 192.168.0.71 initialization done
0: (3682428): INFO: Relay ports initialization done
0: (3682430): DEBUG: turn server id=0 created
0: (3682432): DEBUG: turn server id=2 created
0: (3682431): DEBUG: turn server id=1 created
0: (3682434): DEBUG: turn server id=4 created
0: (3682433): DEBUG: turn server id=3 created
0: (3682428): INFO: Total General servers: 8
0: (3682435): DEBUG: turn server id=5 created
0: (3682436): DEBUG: turn server id=6 created
0: (3682437): DEBUG: turn server id=7 created
0: (3682428): INFO: Total auth threads: 5
0: (3682428): INFO: turnserver compiled without prometheus support