Setting Up a WebRTC Server


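I. Service Components

1. AppRTC room service; code: github.com/webrtc/appr…

2. Collider signaling service, bundled with the AppRTC source

3. CoTurn NAT traversal service; code: github.com/coturn/cotu…

Packaged resources: link: pan.baidu.com/s/1ulx1FVRN… extraction code: 3e5f

II. Prerequisites

1. Operating system: CentOS 64-bit

2. Google's WebRTC server demo: see https://github.com/webrtc/apprtc

3. Domain name: apprtc.test.com

4. An SSL certificate for the domain

5. All resources are placed under the /data directory

6. Python 2.7.9 or later (upgrade tutorial

III. Software Requirements

1. Switch to the Aliyun mirror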


mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

yum makecache

yum update

2. Install the JDK

yum -y install java

3. Install Node.js

curl --silent --location https://rpm.nodesource.com/setup_8.x | sudo bash -

yum -y install nodejs

If you do not have unrestricted internet access, switch to the Taobao mirror

npm install -g cnpm --registry=https://registry.npm.taobao.org

npm -g install grunt-cli

4. Install Python and its dependencies

yum install -y python
yum install -y python-webtest

wget https://bootstrap.pypa.io/ez_setup.py -O - | sudo python
 
git clone https://github.com/kennethreitz/requests.git
cd requests/
python2 setup.py install

5. Install git

yum -y install git

6. Install google-cloud-sdk

https://cloud.google.com/sdk/docs/#linux

III. Setting Up the Room Server

1. Download the apprtc source (in /data/)

git clone  https://github.com/webrtc/apprtc.git

cd apprtc

cnpm install


2. Modify files

a. Edit /data/apprtc/src/app_engine/constants.py

TURN_BASE_URL = 'https://apprtc.test.com'  # this host's domain name, webrtc.olcms.com
TURN_URL_TEMPLATE = '%s/turn.php?username=%s&key=%s'  # if turn.php is not implemented, the default configuration can be used
CEOD_KEY = '1234567890'  # TURN password; must match static-auth-secret in the TURN configuration below

ICE_SERVER_BASE_URL = 'https://apprtc.test.com'
ICE_SERVER_URL_TEMPLATE = '%s/iceconfig.php?key=%s'  # if iceconfig.php is not implemented, the default configuration can be used, but the Android APK will have problems

WSS_INSTANCE_HOST_KEY = 'apprtc.test.com:8089'  # signaling server, port 8089
WSS_INSTANCE_NAME_KEY = 'vm_name'
WSS_INSTANCE_ZONE_KEY = 'zone'
WSS_INSTANCES = [{
       WSS_INSTANCE_HOST_KEY: 'apprtc.test.com:8089',
       WSS_INSTANCE_NAME_KEY: 'wsserver-std',
       WSS_INSTANCE_ZONE_KEY: 'us-central1-a'
       }, {
       WSS_INSTANCE_HOST_KEY: 'apprtc.test.com:8089',
       WSS_INSTANCE_NAME_KEY: 'wsserver-std-2',
       WSS_INSTANCE_ZONE_KEY: 'us-central1-f'
}]

b. Edit /data/apprtc/src/web_app/js/appcontroller.js and find line 440:

window.history.pushState({'roomId': roomId, 'roomLink': roomLink}, roomId,  roomLink);

Insert the following before it:

// rewrite the room link so that it always uses https
roomLink = roomLink.replace(/^http:/, "https:");

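3. Build

grunt build

When the build finishes, an out directory is generated and the room server build is complete.

4. Run the room server

nohup /root/google-cloud-sdk/bin/dev_appserver.py --host=apprtc.test.com /data/apprtc/out/app_engine &

The domain name must already resolve, or be bound in the hosts file on the server; otherwise the server reports that binding the port failed.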

IV. Setting Up the Signaling Server (Collider Server)

1. Install the Go environment

yum install go

2. Configure the Go environment


mkdir -p /usr/local/go/src

mkdir -p /usr/local/go/bin

vim ~/.bash_profile
Append at the bottom:
export GOPATH=/root/go
PATH=$PATH:$GOPATH/bin

source ~/.bash_profile

3. Copy the collider source

Copy the three directories under /data/apprtc/src/collider/ (collider, collidermain, collidertest) to /usr/local/go/src/

mkdir -p /root/go/src
cp -r /data/apprtc/src/collider/* /root/go/src/

4. Modify the code

a. Edit /root/go/src/collidermain/main.go and change the room server address

var roomSrv = flag.String("room-server", "https://apprtc.test.com", "The origin of the room server")

b. Edit /root/go/src/collider/collider.go and change the following line:

The SSL certificate is placed under /data/cert/test.com

e = server.ListenAndServeTLS("/data/cert/test.com/test.com.pem", "/data/cert/test.com/test.com.key")

5. Download the dependencies

mkdir -p /usr/local/go/src/golang.org/x 
cd /usr/local/go/src/golang.org/x
git clone https://github.com/golang/net

6. Build the signaling server

go get collidermain
go install collidermain

7. Run the signaling server

nohup collidermain -port=8089 -tls=true &

V. Setting Up the STUN/TURN Server

1. Download the package

wget http://turnserver.open-sys.org/downloads/v4.5.0.7/turnserver-4.5.0.7-CentOS7.4-x86_64.tar.gz

2. Extract and install

tar zxvf turnserver-4.5.0.7-CentOS7.4-x86_64.tar.gz 
cd turnserver-4.5.0.7
./install.sh 

3. Generate a certificate

mkdir -p /data/cert/turnserver
openssl req -x509 -newkey rsa:2048 -keyout /data/cert/turnserver/turn_server_pkey.pem -out /data/cert/turnserver/turn_server_cert.pem -days 99999 -nodes

4. Modify the configuration

vim /etc/turnserver.conf

The configuration is as follows:

# change to the local network interface
listening-device=xxx
listening-port=3478
# change to the local network interface
relay-device=xxx
min-port=49152
max-port=65535
# run in the background
daemon=true
fingerprint
lt-cred-mech
use-auth-secret
# TURN password
static-auth-secret=1234567890
realm=apprtc.test.com
user=inesadt:0x7e3a2ed35d3cf7f19e2f8b015a186f54
user=inesadt:inesadt
stale-nonce
cert=/data/cert/turnserver/turn_server_cert.pem
pkey=/data/cert/turnserver/turn_server_pkey.pem
no-loopback-peers
no-multicast-peers
mobility
no-cli

5. Run the TURN service

nohup turnserver &

VI. Install nginx

rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx

VII. Install the PHP Environment

1. Install PHP

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

yum install php70w-common php70w-fpm  php70w-devel

2. Modify the nginx configuration

vim /etc/nginx/conf.d/default.conf

Configuration contents:

upstream roomserver {
       # replace LOCAL_IP_ADDRESS with this server's local IP address
       server LOCAL_IP_ADDRESS:8080;
}

server {
       listen 80;
       server_name apprtc.test.com;
       return  301 https://$server_name$request_uri;
}
server {
   listen    443 ssl;
   server_name  apprtc.test.com;
   access_log  /var/log/nginx/apprtc.test.com.log  main;
   root   /data/html;
   index  index.html index.htm index.php;
   location ~ \.php$ {
       fastcgi_pass   127.0.0.1:9000;
       fastcgi_index  index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
       include        fastcgi_params;
   }

   location / {
       proxy_pass http://roomserver$request_uri;
       proxy_set_header Host $host;
   }
   ssl_certificate /data/cert/test.com/test.com.pem;
   ssl_certificate_key /data/cert/test.com/test.com.key;
}

3. Write the turn.php and iceconfig.php files and place them in the /data/html/ directory

3.1. Contents of turn.php:

<?php
// Read the query parameters without raising a notice when they are missing
$request_username = $_GET["username"] ?? '';
if (empty($request_username)) {
  echo "username == null";
  exit;
}
$request_key = $_GET["key"] ?? '';
$time_to_live = 600;
$timestamp = time() + $time_to_live; // expiry time
$response_username = $timestamp . ":" . $request_username;
$response_key = $request_key;
if (empty($response_key))
  $response_key = "1234567890"; // CEOD_KEY from constants.py

$response_password = getSignature($response_username, $response_key);

$jsonObj = new Response();
$jsonObj->username = $response_username;
$jsonObj->password = $response_password;
$jsonObj->ttl = 86400;
// configure your own servers here
$jsonObj->uris = array("stun:apprtc.test.com:3478", "turn:apprtc.test.com:3478?transport=udp", "turn:apprtc.test.com?transport=tcp");

echo json_encode($jsonObj);

/**
* Generate the signature using the HMAC-SHA1 algorithm
*
* @param $str source string
* @param $key secret key
*
* @return signature
*/
function getSignature($str, $key)
{
  $signature = "";
  if (function_exists('hash_hmac')) {
      $signature = base64_encode(hash_hmac("sha1", $str, $key, true));
  } else {
      $blocksize = 64;
      $hashfunc = 'sha1';
      if (strlen($key) > $blocksize) {
          $key = pack('H*', $hashfunc($key));
      }
      $key = str_pad($key, $blocksize, chr(0x00));
      $ipad = str_repeat(chr(0x36), $blocksize);
      $opad = str_repeat(chr(0x5c), $blocksize);
      $hmac = pack(
          'H*', $hashfunc(
              ($key ^ $opad) . pack(
                  'H*', $hashfunc(
                      ($key ^ $ipad) . $str
                  )
              )
          )
      );
      $signature = base64_encode($hmac);
  }
  return $signature;
}

class Response
{
  public $username = "";
  public $password = "";
  public $ttl = "";
  public $uris = array("");
}

?> 

3.2. Contents of iceconfig.php:

<?php
$request_username = "inesadt";  // set to your own TURN server username
if (empty($request_username)) {
  echo "username == null";
  exit;
}
$request_key = "1234567890";  // TURN server password
$time_to_live = 600;
$timestamp = time() + $time_to_live; // expiry time
$response_username = $timestamp . ":" . ($_GET["username"]??'');
$response_key = $request_key;
if (empty($response_key))
  $response_key = "1234567890"; // CEOD_KEY from constants.py

$response_password = getSignature($response_username, $response_key);

$arrayObj = array();
$arrayObj[0]['username'] = $response_username;
$arrayObj[0]['credential'] = $response_password;
// set to your own STUN/TURN servers
$arrayObj[0]['urls'][0] = "stun:apprtc.test.com:3478";
$arrayObj[0]['urls'][1] = "turn:apprtc.test.com:3478?transport=tcp";
$arrayObj[0]['uris'][0] = "stun:apprtc.test.com:3478";
$arrayObj[0]['uris'][1] = "turn:apprtc.test.com:3478?transport=tcp";
$jsonObj = new Response();
$jsonObj->lifetimeDuration = "300.000s";
$jsonObj->iceServers = $arrayObj;
echo json_encode($jsonObj);

/**
* Generate the signature using the HMAC-SHA1 algorithm
*
* @param $str source string
* @param $key secret key
*
* @return signature
*/
function getSignature($str, $key)
{
  $signature = "";
  if (function_exists('hash_hmac')) {
      $signature = base64_encode(hash_hmac("sha1", $str, $key, true));
  } else {
      $blocksize = 64;
      $hashfunc = 'sha1';
      if (strlen($key) > $blocksize) {
          $key = pack('H*', $hashfunc($key));
      }
      $key = str_pad($key, $blocksize, chr(0x00));
      $ipad = str_repeat(chr(0x36), $blocksize);
      $opad = str_repeat(chr(0x5c), $blocksize);
      $hmac = pack(
          'H*', $hashfunc(
              ($key ^ $opad) . pack(
                  'H*', $hashfunc(
                      ($key ^ $ipad) . $str
                  )
              )
          )
      );
      $signature = base64_encode($hmac);
  }
  return $signature;
}

class Response
{
  public $lifetimeDuration = "";
  public $iceServers = array("");
}

?>
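
The credential scheme that turn.php and iceconfig.php implement (username = expiry timestamp + ":" + name, password = base64 HMAC-SHA1 of that username under the shared secret), shown from both the issuing and the checking side. This is an added example, not code from the original post or from coturn; the function names and status strings are hypothetical, and the check models what a relay configured with use-auth-secret applies rather than reproducing its source.

```python
import base64
import hashlib
import hmac
import time

SHARED_SECRET = "1234567890"  # the page's sample static-auth-secret / CEOD_KEY


def _mac(username, secret):
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest)


def make_credential(user, secret, ttl=600, now=None):
    """Issue (username, password) the same way turn.php does."""
    now = int(time.time()) if now is None else int(now)
    username = "%d:%s" % (now + ttl, user)
    return username, _mac(username, secret).decode()


def check_credential(username, password, secret, now=None):
    """Relay-side check; returns 'ok', 'malformed', 'bad-mac' or 'expired'."""
    now = int(time.time()) if now is None else int(now)
    expiry, sep, _user = username.partition(":")
    try:
        expires_at = int(expiry) if sep else None
    except ValueError:
        expires_at = None
    if expires_at is None:
        return "malformed"
    # Verify the MAC first, in constant time, so forged names learn nothing.
    if not hmac.compare_digest(_mac(username, secret), password.encode()):
        return "bad-mac"
    return "expired" if expires_at < now else "ok"


def demo():
    t0 = 1700000000  # constructed fixed clock, so the results are reproducible
    user, pw = make_credential("inesadt", SHARED_SECRET, ttl=600, now=t0)
    return {
        "fresh": check_credential(user, pw, SHARED_SECRET, now=t0 + 10),
        "after_ttl": check_credential(user, pw, SHARED_SECRET, now=t0 + 601),
        "secret_mismatch": check_credential(user, pw, "other-secret", now=t0 + 10),
        "edited_expiry": check_credential("9999999999:inesadt", pw, SHARED_SECRET, now=t0 + 10),
        "no_timestamp": check_credential("inesadt", pw, SHARED_SECRET, now=t0 + 10),
    }


if __name__ == "__main__":
    print(demo())
```

The secret_mismatch case is what a client sees when the key used by the PHP script differs from static-auth-secret in turnserver.conf; edited_expiry shows that the timestamp cannot be extended without the secret.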

4. Set the files' permissions to 775 and their owner to nginx

5. Start nginx and php-fpm

systemctl start nginx 

systemctl start php-fpm

5.1. A 403 error has two possible causes

a. The file permissions are wrong

b. SELinux is enabled

vim /etc/selinux/config

SELINUX=disabled

6. Deployment is complete; visit https://apprtc.test.com