Summary: Note the opening of port tcp/udp

Install dependent packages before installing coturn and janus

Certificate and turnserver user password need to be matched

Prerequisite preparation

Prepare the underlying environment, including server environment, address, certificate, firewall configuration, etc.</br> Environment Preparation </br> Operating system: CentOS 7.6 x64</br> A domain name with an SSL certificate </br> The corresponding port needs to be opened: 8088 8188 3478 3480-3500 7000-9000 443</br> Certificate Conversion

mkdir /etc/ssl/cert/
cd /etc/ssl/cert/

Upload a certificate to this directory, typically using a certificate suitable for Nginx.If there is pem's best, upload it here directly, if not, convert it.

openssl rsa -in -text > key.pem
openssl x509 -inform PEM -in > cert.pem

Start Installation Start deploying and installing the Webrtc service, which will be documented step by step.And the handling of problems encountered in the process of step-by-step execution.

Install Dependent Packages

yum update
yum install  texinfo  libmicrohttpd-devel.x86_64   uncrustify

yum -y install epel-release nginx libmicrohttpd-devel jansson-devel openssl-devel libsrtp-devel sofia-sip-devel glib2-devel opus-devel libogg-devel libcurl-devel pkgconfig gengetopt libconfig-devel libtool autoconf automake libnice libnice-devel libwebsockets libwebsockets-devel doxygen graphviz cmake gtk-doc-tools git lrzsz

Install libsrtp

cd ~
tar zxvf v1.5.4.tar.gz && cd libsrtp-1.5.4
./configure --prefix=/usr --enable-openssl --libdir=/usr/lib64
make shared_library && sudo make install

Install usrsctp

cd ~
git clone
cd usrsctp
./configure --prefix=/usr --libdir=/usr/lib64 && make && sudo make install

Install RabbitMQ (not required)

cd ~
git clone
cd rabbitmq-c
git submodule init
git submodule update
mkdir build && cd build
make && sudo make install

Install Janus-Gateway

cd ~
git clone
cd janus-gateway
./configure --prefix=/opt/janus --enable-websockets  
make install
make configs

Output the following information for instructions

./configure --prefix=/opt/janus --enable-websockets The execution was successful.
Compiler:                  gcc
libsrtp version:           1.5.x
SSL/crypto library:        OpenSSL
DTLS set-timeout:          not available
Mutex implementation:      GMutex (native futex on Linux)
DataChannels support:      yes
Recordings post-processor: no
TURN REST API client:      yes
Doxygen documentation:     no
    REST (HTTP/HTTPS):     yes
    WebSockets:            yes
    RabbitMQ:              yes
    MQTT:                  no
    Unix Sockets:          yes
    Nanomsg:               no
    Echo Test:             yes
    Streaming:             yes
    Video Call:            yes
    SIP Gateway (Sofia):   no
    SIP Gateway (libre):   no
    NoSIP (RTP Bridge):    yes
    Audio Bridge:          yes
    Video Room:            yes
    Voice Mail:            yes
    Record&Play:           yes
    Text Room:             yes
    Lua Interpreter:       no
    Duktape Interpreter:   no
Event handlers:
    Sample event handler:  yes
    RabbitMQ event handler:yes
    MQTT event handler:    no
JavaScript modules:        no

Install CoTurn Service

An error was encountered while installing the CoTurn service execution. /configure. This is explained in advance and resolved first.

Libevent2 development is not installed properly
ERROR: Libevent2 development libraries are not installed properly in required location.
ERROR: may be you have just too old libevent tool - then you have to upgrade it.
See the INSTALL file.

The solutions are as follows:

sudo yum install libevent libevent-devel  openssl openssl-libs -y 


cd ~
mv download libevent-2.0.22-stable.tar.gz
tar zxvf libevent-2.0.22-stable.tar.gz
cd libevent-2.0.22-stable
sudo make install

Then start the normal installation of the CoTurn service.

cd ~
mkdir /root/webrtc
cd /root/webrtc
tar zxvf turnserver-
cd /root/webrtc/turnserver-
make install

Service Configuration

This is mainly about the configuration items for the turn service and the Janus service.</br> Configuration of CoTurn Service </br>

vi /usr/local/etc/turnserver.conf

Add the following configuration to the file after opening (note that there are no spaces after the configuration item):

#Locally monitored network card device, filled in here according to your actual situation
#Local network card device for forwarding, filled out here according to your actual situation
#Specified forwarding port allocation range, when testing, can shut down all firewalls to prevent UDP ports from being blocked
#Log output level, turnserver starts with -v to get clearer log output
#Message validation, used in WebRTC messages
#webrtc relay via turn, must use long authentication
# ICE REST API authentication is required (turn will not work if this line is turned on)
# use-auth-secret
# KEY required for REST API encryption
# Here we use the "static" KEY, which Google also uses (it won't work if it's found)
#The user logs on to the domain, and the following writing does not change it, because when turnserver is restarted, it can be overwritten by specifying parameters
realm=<Fill in your own domain name>
#Provides more secure access to TURN services (I don't know what to do with this, I don't use it)
#There is a key file in the / etc/examples/directory of the Coturn code that you can use directly
#Block relay of loopback, multicast IP address
#Enable Mobility ICE support (do not understand)
#Disable local telnet cli management interface

Janus Configuration

vi /opt/janus/etc/janus/janus.jcfg

Locate the certificates configuration item, open the following configuration inside, and set it.

        cert_pem = "/etc/ssl/certs/"
        cert_key = "/etc/ssl/certs/"

Locate the nat configuration item, open the configuration for the following, and set the user name and password asTurnserver.confUser name and password configured in.

        turn_server = ""
        turn_port = 3478
        turn_type = "udp"
        turn_user = "user"
        turn_pwd = "passwd123"
        ice_enforce_list = "eth0"

Open againJanus.transport.httpConfigure with.Jcfg.

vi /opt/janus/etc/janus/janus.transport.http.jcfg

Find the configurations for general, admin, certificates, and modify the following configurations (unused as not mentioned).

        https = true 
        admin_https = true 

        cert_pem = "/etc/ssl/certs/"
        cert_key = "/etc/ssl/certs/"

Open againJanus.transport.websocketsConfigure with.Jcfg.

vi /opt/janus/etc/janus/janus.transport.websockets.jcfg

Find the configurations for general, admin, certificates, and modify the following configurations (unused as not mentioned).

        wss = true 

        admin_wss = true

        cert_pem = "/etc/ssl/certs/"
        cert_key = "/etc/ssl/certs/"

Configuration of Nginx Create a new profile:

vi /etc/nginx/conf.d/janus.conf

Add the following

 server {
     licsten 80;
     listen 443 ssl;
     ssl_certificate /etc/ssl/cert/domain/;
     ssl_certificate_key /etc/ssl/cert/domain/;
     charset     utf-8;
     root /opt/janus/share/janus/demos;
     index index.php index.html index.htm;
     access_log  /var/log/nginx/access.log  main;
     location / {

Service Start Here is how each service is started. Start Turn Service

/usr/local/bin/turnserver -c /usr/local/etc/turnserver.conf -o  -v

You can see if port 3478 is occupied, and if it is occupied, the service starts successfully.

netstat -nap|grep 3478

Start the Janus service

nohup /opt/janus/bin/janus >> /var/log/janus.log 2>&1 &

Start the Nginx service

systemctl restart nginx


Create User

Sudo turnadmin-a-u username-p password-r domain (write one anywhere)

You can view the created user using the following command turnadmin -l Test STUN Use the following command to test the availability of STUN services, the only parameter being the IP address or domain name of the STUN server.


‚Äčturnadmin -k -u -r -p //turnadmin -k -A -u test  -r test -p webrtc


turnutils_uclient -v -t -T -u test -w test

Test: ------------------- Reference documents:

sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes

Tags: Programming SSL OpenSSL Nginx git

Posted on Wed, 27 May 2020 19:53:39 -0700 by radhoo