COTURN-JANUS WEBRTC Environment Setup

Summary: Make sure the required TCP/UDP ports are open.

Install the dependency packages before installing coturn and Janus.

The certificate and the turnserver user name and password must match between the configurations.

Prerequisite preparation

Prepare the underlying environment, including the server environment, address, certificate, firewall configuration, etc.

Environment Preparation

Operating system: CentOS 7.6 x64
A domain name with an SSL certificate
The following ports need to be opened: 8088 8188 3478 3480-3500 7000-9000 443

Certificate Conversion

mkdir -p /etc/ssl/cert/domain.com
cd /etc/ssl/cert/domain.com

Upload the certificate to this directory, typically a certificate issued in the format suitable for Nginx. If you already have PEM files, upload them here directly; if not, convert them.

openssl rsa -in domain.com.key -out key.pem
openssl x509 -inform PEM -in domain.com.crt -out cert.pem
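
Because the same certificate and key are later referenced from Nginx, Janus and coturn, it is worth confirming that cert.pem and key.pem really form a pair. The script below is an added example, not part of the original post; the function names are chosen for illustration, and an unencrypted private key is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that cert.pem and key.pem
# belong together before Nginx, Janus and coturn are pointed at them.
# Assumes an unencrypted key; an encrypted key is reported as unparsable.

# Print the public key (PEM) contained in a certificate or a private key.
pubkey_pem() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -passin pass: -pubout ;;
    esac 2>/dev/null
}

# check_pair CERT KEY -> 0 = match, 1 = mismatch, 2 = a file could not be parsed
check_pair() {
    cert_pub=$(pubkey_pem cert "$1") || return 2
    key_pub=$(pubkey_pem key "$2") || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
}

# Succeeds only if group and other have no permissions on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    if check_pair "$1" "$2"; then
        echo "OK: certificate and key match"
    else
        echo "FAIL: status $? (1 = mismatch, 2 = unreadable or not PEM)"
    fi
    key_is_private "$2" || echo "WARN: $2 is accessible to group/other; chmod 600 it"
fi
```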

Start Installation

Deploy and install the WebRTC service. Each step is documented below, along with how the problems encountered along the way were handled.

Install Dependent Packages

yum update
yum install  texinfo  libmicrohttpd-devel.x86_64   uncrustify

yum -y install epel-release nginx libmicrohttpd-devel jansson-devel openssl-devel libsrtp-devel sofia-sip-devel glib2-devel opus-devel libogg-devel libcurl-devel pkgconfig gengetopt libconfig-devel libtool autoconf automake libnice libnice-devel libwebsockets libwebsockets-devel doxygen graphviz cmake gtk-doc-tools git lrzsz

Install libsrtp

cd ~
wget https://github.com/cisco/libsrtp/archive/v1.5.4.tar.gz
tar zxvf v1.5.4.tar.gz && cd libsrtp-1.5.4
./configure --prefix=/usr --enable-openssl --libdir=/usr/lib64
make shared_library && sudo make install

Install usrsctp

cd ~
git clone https://github.com/sctplab/usrsctp
cd usrsctp
./bootstrap
./configure --prefix=/usr --libdir=/usr/lib64 && make && sudo make install

Install RabbitMQ (not required)

cd ~
git clone https://github.com/alanxz/rabbitmq-c
cd rabbitmq-c
git submodule init
git submodule update
mkdir build && cd build
cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=/usr/lib64 ..
make && sudo make install

Install Janus-Gateway

cd ~
git clone https://github.com/meetecho/janus-gateway.git
cd janus-gateway
sh autogen.sh
./configure --prefix=/opt/janus --enable-websockets  
make
make install
make configs

If ./configure --prefix=/opt/janus --enable-websockets executes successfully, it prints a summary like the following:

Compiler:                  gcc
libsrtp version:           1.5.x
SSL/crypto library:        OpenSSL
DTLS set-timeout:          not available
Mutex implementation:      GMutex (native futex on Linux)
DataChannels support:      yes
Recordings post-processor: no
TURN REST API client:      yes
Doxygen documentation:     no
Transports:
    REST (HTTP/HTTPS):     yes
    WebSockets:            yes
    RabbitMQ:              yes
    MQTT:                  no
    Unix Sockets:          yes
    Nanomsg:               no
Plugins:
    Echo Test:             yes
    Streaming:             yes
    Video Call:            yes
    SIP Gateway (Sofia):   no
    SIP Gateway (libre):   no
    NoSIP (RTP Bridge):    yes
    Audio Bridge:          yes
    Video Room:            yes
    Voice Mail:            yes
    Record&Play:           yes
    Text Room:             yes
    Lua Interpreter:       no
    Duktape Interpreter:   no
Event handlers:
    Sample event handler:  yes
    RabbitMQ event handler:yes
    MQTT event handler:    no
JavaScript modules:        no

Install CoTurn Service

Running ./configure while installing the CoTurn service produced an error. It is explained here in advance so that it can be resolved first.

Libevent2 development is not installed properly
ERROR: Libevent2 development libraries are not installed properly in required location.
ERROR: may be you have just too old libevent tool - then you have to upgrade it.
See the INSTALL file.
Abort.

The solution is as follows:

sudo yum install libevent libevent-devel  openssl openssl-libs -y 

Then:

cd ~
wget https://sourceforge.net/projects/levent/files/release-2.0.22-stable/libevent-2.0.22-stable.tar.gz/download
mv download libevent-2.0.22-stable.tar.gz
tar zxvf libevent-2.0.22-stable.tar.gz
cd libevent-2.0.22-stable
./configure
make
sudo make install

Then start the normal installation of the CoTurn service.

cd ~
mkdir /root/webrtc
cd /root/webrtc
wget http://coturn.net/turnserver/v4.5.0.7/turnserver-4.5.0.7.tar.gz
tar zxvf turnserver-4.5.0.7.tar.gz
cd /root/webrtc/turnserver-4.5.0.7
./configure
make install

Service Configuration

This is mainly about the configuration items for the TURN service and the Janus service.

Configuration of CoTurn Service

vi /usr/local/etc/turnserver.conf

Add the following configuration to the file after opening (note that there are no spaces after the configuration item):

# Network interface to listen on; set this according to your actual environment
listening-device=eth1
listening-port=3478
# Network interface used for relaying; set this according to your actual environment
relay-device=eth1
# Relay port allocation range; while testing you can shut down all firewalls to prevent UDP ports from being blocked
min-port=3480
max-port=3500
# Log output level; starting turnserver with -v gives clearer log output
verbose
# Message validation, used in WebRTC messages
fingerprint
# WebRTC relaying through TURN must use the long-term credential mechanism
lt-cred-mech
# ICE REST API authentication is required (turn will not work if this line is turned on)
# use-auth-secret
# KEY required for REST API encryption
# Here we use the "static" KEY, which Google also uses (it won't work if it's found)
#static-auth-secret=4080218913
# Realm (domain) that users log on to. The value written here is not final, because it can be overridden by specifying parameters when turnserver is restarted
realm=<Fill in your own domain name>
# Provides more secure access to TURN services (I don't know what to do with this, I don't use it)
#stale-nonce
# There is a key file in the /etc/examples/ directory of the coturn code that you can use directly
# (that key is public, so generate your own for anything beyond testing)
cert=/usr/local/turnserver/etc/turn_server_cert.pem
pkey=/usr/local/turnserver/etc/turn_server_pkey.pem
# Block relaying to loopback and multicast IP addresses
no-loopback-peers
no-multicast-peers
# Enable Mobility ICE support (do not understand)
mobility
# Disable the local telnet CLI management interface
no-cli
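
The following script is an added example, not part of the original post or of coturn: it audits a turnserver.conf for the settings the configuration above relies on (a credential mechanism, no-cli, the peer-blocking options, the relay port range) and for the trailing-space pitfall noted above. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit turnserver.conf for the
# settings the configuration above relies on.

# True if the bare option KEY is active (uncommented) in FILE.
conf_flag() { grep -Eq "^$2\$" "$1"; }

# Value of the last active KEY=value line in FILE.
conf_value() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print findings for FILE; the return status is the number of findings.
audit_turn_conf() {
    f=$1; n=0
    finding() { echo "FINDING: $1"; n=$((n + 1)); }
    conf_flag "$f" lt-cred-mech || conf_flag "$f" use-auth-secret ||
        finding "no credential mechanism set: coturn then allows anonymous use"
    conf_flag "$f" no-cli || finding "telnet CLI management interface left enabled"
    conf_flag "$f" no-loopback-peers || finding "relay to loopback peers not blocked"
    conf_flag "$f" no-multicast-peers || finding "relay to multicast peers not blocked"
    min=$(conf_value "$f" min-port); max=$(conf_value "$f" max-port)
    if [ -z "$min" ] || [ -z "$max" ]; then
        finding "min-port/max-port unset: relay ports may fall outside the firewall rule"
    elif [ "$min" -gt "$max" ]; then
        finding "min-port $min is greater than max-port $max"
    fi
    grep -Eq '^[^#].*[[:space:]]$' "$f" && finding "trailing whitespace after a setting"
    return "$n"
}

# Constructed sample: authentication and no-cli are commented out on purpose.
sample_conf() {
    cat <<'EOF'
listening-port=3478
min-port=3480
max-port=3500
fingerprint
#lt-cred-mech
#no-cli
no-loopback-peers
no-multicast-peers
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_turn_conf "$tmp"; echo "$? finding(s)"
rm -f "$tmp"
```

To audit the real file, call audit_turn_conf /usr/local/etc/turnserver.conf in place of the sample.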

Janus Configuration

vi /opt/janus/etc/janus/janus.jcfg

Locate the certificates section, uncomment the following settings, and set them.

certificates:
        cert_pem = "/etc/ssl/certs/huawenyao.cn/server-cert.pem"
        cert_key = "/etc/ssl/certs/huawenyao.cn/server-key.pem"

Locate the nat section, uncomment the following settings, and set the user name and password to the user name and password configured in turnserver.conf.

nat:
        turn_server = "domain.com"
        turn_port = 3478
        turn_type = "udp"
        turn_user = "user"
        turn_pwd = "passwd123"
        ice_enforce_list = "eth0"

Next, open janus.transport.http.jcfg and configure it.

vi /opt/janus/etc/janus/janus.transport.http.jcfg

Find the general, admin, and certificates sections and modify the following settings (settings not mentioned here are left as they are).

general:                                     
        https = true 
                                    
admin:
        admin_https = true 

certificates:
        cert_pem = "/etc/ssl/certs/huawenyao.cn/server-cert.pem"
        cert_key = "/etc/ssl/certs/huawenyao.cn/server-key.pem"

Next, open janus.transport.websockets.jcfg and configure it.

vi /opt/janus/etc/janus/janus.transport.websockets.jcfg

Find the general, admin, and certificates sections and modify the following settings (settings not mentioned here are left as they are).

general:
        wss = true 

admin:
        admin_wss = true

certificates:
        cert_pem = "/etc/ssl/certs/huawenyao.cn/server-cert.pem"
        cert_key = "/etc/ssl/certs/huawenyao.cn/server-key.pem"

Configuration of Nginx

Create a new configuration file:

vi /etc/nginx/conf.d/janus.conf

Add the following:

 server {
     listen 80;
     listen 443 ssl;
     server_name domain.com; 
     ssl_certificate /etc/ssl/cert/domain.com/domain.com.crt;
     ssl_certificate_key /etc/ssl/cert/domain.com/domain.com.key;
     charset     utf-8;
     root /opt/janus/share/janus/demos;
     index index.php index.html index.htm;
     access_log  /var/log/nginx/access.log  main;
     location / {
     }
 }

Service Start

Here is how each service is started.

Start Turn Service

/usr/local/bin/turnserver -c /usr/local/etc/turnserver.conf -o  -v

Check whether port 3478 is in use; if it is, the service started successfully.

netstat -nap|grep 3478

Start the Janus service

nohup /opt/janus/bin/janus >> /var/log/janus.log 2>&1 &

Start the Nginx service

systemctl restart nginx

Verification

Create User

sudo turnadmin -a -u username -p password -r domain

The domain can be any value you choose.

You can view the created users with the following command:

turnadmin -l

Test STUN

Use the following command to test the availability of the STUN service; its only parameter is the IP address or domain name of the STUN server.

turnutils_stunclient 127.0.0.1
turnadmin -k -u -r -p    # for example: turnadmin -k -A -u test  -r test -p webrtc

Test TURN

turnutils_uclient -v -t -T -u test -w test  127.0.0.1

Test: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

-------------------

Reference documents: https://github.com/meetecho/janus-gateway

sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes


Posted on Wed, 27 May 2020 19:53:39 -0700 by radhoo