WebRTC: Setting up a STUN/TURN server with the coturn project

Date: 2022-07-28

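WebRTC is a browser-based real-time audio and video communication framework introduced by Google. Its typical use case is a real-time, end-to-end (P2P) video call between browsers. Because real networks are complex (routers, switches, firewalls and so on), browsers often cannot establish a P2P connection with each other and can only relay traffic through a server on the public Internet, the so-called TURN server.

The relay server is the TURN relay server. The STUN server collects the IP address and port that a peer behind NAT (that is, a computer sitting behind a router or switch) exposes externally, in order to find a path that can traverse the router, commonly known as "hole punching". STUN/TURN servers are usually deployed on the public Internet, where every peer can reach them. The open-source coturn project implements both the STUN and the TURN service and is the first choice for WebRTC applications.

The introduction above is copied from the following post, with thanks: https://www.cnblogs.com/yjmyzz/p/how-to-install-coturn-on-ubuntu.html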

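1. Prepare an Ubuntu server

I used a 64-bit Ubuntu system, as shown in the figure:

It is installed in a virtual machine. Set it up however you prefer.

2. Install coturn's dependencies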

hake@hake:/home# sudo su root # switch to root first

root@hake:/home# apt-get install build-essential # (optional) if ./configure fails later, install gcc first

root@hake:/home# apt-get install openssl libssl-dev make # install SSL

root@hake:/home# wget https://github.com/libevent/libevent/releases/download/release-2.1.10-stable/libevent-2.1.10-stable.tar.gz

# install libevent2

root@hake:/home# tar -zxvf libevent-2.1.10-stable.tar.gz

root@hake:/home# cd libevent-2.1.10-stable

root@hake:/home# ./configure

root@hake:/home# make && make install

root@hake:/home# apt-get install sqlite libsqlite3-dev

Note: coturn persists user information and similar data in SQLite by default.

3. Download the coturn source and compile it

root@hake:/home# wget https://github.com/coturn/coturn/archive/4.5.1.1.tar.gz

root@hake:/home# tar -zxvf 4.5.1.1.tar.gz

root@hake:/home# cd coturn-4.5.1.1

root@hake:/home# ./configure

root@hake:/home# make && make install

Part of the build output, to verify that the build succeeded:

root@hake:/home/coturn-4.5.1.1# make & make install
[1] 54663
make: Nothing to be done for 'all'.
install -d /usr/local
install -d /usr/local/bin
install -d /usr/local/var/db
install -d /usr/local/man/man1
install -d /usr/local/etc
install -d /usr/local/lib
install -d /usr/local/share/examples/turnserver
install -d /usr/local/share/doc/turnserver
install -d /usr/local/share/turnserver
install -d /usr/local/include/turn
install bin/turnserver /usr/local/bin
install bin/turnadmin /usr/local/bin
install bin/turnutils_uclient /usr/local/bin
install bin/turnutils_peer /usr/local/bin
install bin/turnutils_stunclient /usr/local/bin
install bin/turnutils_oauth /usr/local/bin
install bin/turnutils_natdiscovery /usr/local/bin
install man/man1/turnserver.1 /usr/local/man/man1/
install man/man1/turnadmin.1 /usr/local/man/man1/
install man/man1/turnutils.1 /usr/local/man/man1/
install man/man1/turnutils_uclient.1 /usr/local/man/man1/
install man/man1/turnutils_stunclient.1 /usr/local/man/man1/
install man/man1/turnutils_oauth.1 /usr/local/man/man1/
install man/man1/turnutils_natdiscovery.1 /usr/local/man/man1/
install man/man1/turnutils_peer.1 /usr/local/man/man1/
install man/man1/coturn.1 /usr/local/man/man1/
install lib/libturnclient.a /usr/local/lib
install LICENSE /usr/local/share/doc/turnserver
install README.turnserver /usr/local/share/doc/turnserver
install README.turnadmin /usr/local/share/doc/turnserver
install README.turnutils /usr/local/share/doc/turnserver
install INSTALL /usr/local/share/doc/turnserver
install postinstall.txt /usr/local/share/doc/turnserver
install turndb/schema.sql /usr/local/share/doc/turnserver
install turndb/schema.sql /usr/local/share/turnserver
install turndb/schema.mongo.sh /usr/local/share/doc/turnserver
install turndb/schema.mongo.sh /usr/local/share/turnserver
install turndb/testredisdbsetup.sh /usr/local/share/turnserver
install turndb/testmongosetup.sh /usr/local/share/turnserver
install turndb/testsqldbsetup.sql /usr/local/share/turnserver
install turndb/schema.userdb.redis /usr/local/share/doc/turnserver
install turndb/schema.userdb.redis /usr/local/share/turnserver
install turndb/schema.stats.redis /usr/local/share/doc/turnserver
install turndb/schema.stats.redis /usr/local/share/turnserver
if [ -f sqlite/turndb ] ; then install sqlite/turndb /usr/local/var/db/turndb; fi
install examples/etc/turnserver.conf /usr/local/etc/turnserver.conf.default
cp -rpf examples/etc /usr/local/share/examples/turnserver
cp -rpf examples/scripts /usr/local/share/examples/turnserver
rm -rf /usr/local/share/examples/turnserver/scripts/rfc5769.sh
cp -rpf include/turn/client /usr/local/include/turn
install include/turn/ns_turn_defs.h /usr/local/include/turn
cat /usr/local/share/doc/turnserver/postinstall.txt
==================================================================

1) If your system supports automatic start-up system daemon services, 
then to enable the turnserver as a system service that is automatically
started, you have to:

	a) Create and edit /etc/turnserver.conf or 
	/usr/local/etc/turnserver.conf . 
	Use /usr/local/etc/turnserver.conf.default as an example.

	b) For user accounts settings: set up SQLite or PostgreSQL or 
	MySQL or MongoDB or Redis database for user accounts.
	Use /usr/local/share/turnserver/schema.sql as SQL database schema,
	or use /usr/local/share/turnserver/schema.userdb.redis as Redis
	database schema description and/or 
	/usr/local/share/turnserver/schema.stats.redis
	as Redis status & statistics database schema description.
	
	If you are using SQLite, the default database location is in 
	/var/db/turndb or in /usr/local/var/db/turndb or in /var/lib/turn/turndb.
	 
	c) add whatever is necessary to enable start-up daemon for the 
	/usr/local/bin/turnserver.
     
2) If you do not want the turnserver to be a system service, 
   then you can start/stop it "manually", using the "turnserver" 
   executable with appropriate options (see the documentation).
   
3) To create database schema, use schema in file 
/usr/local/share/turnserver/schema.sql.
   
4) For additional information, run:
 
   $ man turnserver
   $ man turnadmin
   $ man turnutils
	
==================================================================

4. Create the coturn configuration

root@hake:/home# turnadmin -a -u youname -p youpassword -r hakecom

root@hake:/home# cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf

root@hake:/home# vim /usr/local/etc/turnserver.conf

Edit the configuration:

# listening port
listening-port=3478
# network interface to listen on
listening-device=eth0
# public IP (here set to the local IP)
external-ip=192.168.2.146
# username:password
user=youname:youpassword
# usually the same realm that was given to turnadmin when creating the user
realm=hakecom

Start:

root@hake:/home/coturn-4.5.1.1# turnadmin -a -u youname -p youpassword -r hakecom
root@hake:/home/coturn-4.5.1.1# ls
AUTHORS          ChangeLog         examples  LICENSE          make-man.sh  postinstall.txt    README.turnutils  STATUS
bin              configure         include   LICENSE.OpenSSL  man          README.md          rpm               TODO
build            docker            INSTALL   Makefile         netarch.txt  README.turnadmin   sqlite            turndb
build-docker.sh  Dockerfile.build  lib       Makefile.in      NOTE         README.turnserver  src
root@hake:/home/coturn-4.5.1.1# pwd
/home/coturn-4.5.1.1
root@hake:/home/coturn-4.5.1.1# cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf
root@hake:/home/coturn-4.5.1.1# vim /usr/local/etc/turnserver.conf
root@hake:/home/coturn-4.5.1.1# pwd
/home/coturn-4.5.1.1
root@hake:/home/coturn-4.5.1.1# turnserver -o -a -f -v -r hakecom
0: log file opened: /var/log/turn_54723_2020-09-12.log
0: Config file found: /usr/local/etc/turnserver.conf
0: 
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0: 
Max number of open files/sockets allowed for this process: 1048576
0: 
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0: 

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.1  11 Sep 2018 (0x1010100f)
0: 
0: SQLite supported, default database location is /usr/local/var/db/turndb
0: Redis is not supported
0: PostgreSQL is not supported
0: MySQL is not supported
0: MongoDB is not supported
0: 
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Domain name: 
0: Default realm: cnblogs
0: ERROR: 
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
0: WARNING: cannot find certificate file: turn_server_cert.pem (1)
0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
0: WARNING: cannot find private key file: turn_server_pkey.pem (1)
0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 192.168.2.146
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 192.168.2.146
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
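
The startup log above reports an empty cli-password, a missing certificate and private key, and no explicit listener address, and the configuration in step 4 keeps the TURN password in plaintext. The following added example (not part of the original post or of coturn) checks a turnserver.conf text for those four conditions; the finding names and the embedded sample are constructed for this example.

```python
# Constructed sample: the settings this page puts in turnserver.conf.
SAMPLE_CONF = """\
listening-port=3478
listening-device=eth0
external-ip=192.168.2.146
user=youname:youpassword
realm=hakecom
"""

def parse_conf(text):
    """Return {option: [values]}; flag options such as no-cli get an empty value."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text):
    """Return finding names (hypothetical labels) for the weak settings seen on this page."""
    opts = parse_conf(text)
    findings = []
    # A user= secret starting with 0x is a key from `turnadmin -k`;
    # anything else is the password itself, readable by whoever can read the file.
    for entry in opts.get("user", []):
        _, _, secret = entry.partition(":")
        if not secret.startswith("0x"):
            findings.append("plaintext-user-password")
            break
    # The log's CONFIG ERROR: either set cli-password or switch the CLI off with no-cli.
    if "no-cli" not in opts and not any(opts.get("cli-password", [])):
        findings.append("cli-password-empty")
    # Without cert and pkey the TLS and DTLS listeners do not start (log WARNINGs).
    if not (opts.get("cert") and opts.get("pkey")):
        findings.append("no-tls-cert-or-key")
    # "NO EXPLICIT LISTENER ADDRESS(ES)": coturn then listens on every discovered address.
    if "listening-ip" not in opts:
        findings.append("no-explicit-listening-ip")
    return findings

if __name__ == "__main__":
    for name in audit(SAMPLE_CONF):
        print("finding:", name)
```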

5. Run turnserver -o -a -f -v -r hakecom


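The webrtc-samples site also provides an online tool for testing ICE traversal: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

Verification result:

With Firefox there is no problem, but with Google Chrome, although it finishes with "done", it reports error 701? The 360 browser reports the same error??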

Note: errors from onicecandidateerror above are not neccessarily fatal. For example an IPv6 DNS lookup may fail but relay candidates can still be gathered via IPv4.

The server stun:192.168.XXX.XX:3478 returned an error with code=701:

STUN server address is incompatible.


Firefox result:

Special thanks:

https://www.cnblogs.com/yjmyzz/p/how-to-install-coturn-on-ubuntu.html

https://blog.csdn.net/m0_46453807/article/details/107221462