Setting up a private TURN/STUN service for WebRTC on Linux (CentOS 7)


Install libevent2

  1. Download libevent-2.1.8-stable.tar.gz from http://libevent.org/

  2. tar -zxvf libevent-2.1.8-stable.tar.gz

  3. cd libevent-2.1.8-stable

  4. ./configure --prefix=/usr --libdir=/usr/lib64 (if this reports an error, try ./configure --prefix=/usr/local/coturn instead)

  5. make && make install

Original link: https://blog.csdn.net/chenyubei/article/details/125624687

Download and build the coturn source

wget https://github.com/coturn/coturn/archive/4.5.1.1.tar.gz

This downloads coturn-4.5.1.1.tar.gz (stable version).

tar -zxvf 4.5.1.1.tar.gz
cd coturn-4.5.1.1
./configure
make && make install

Original: https://betheme.net/news/txtlist_i114618v.html?action=onClick

Copy the default configuration template to /usr/local/etc/:

cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf

Create the key files with openssl:

openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes

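Create the user ytest with password 123 and realm realmtest; change these values to suit your environment.

turnadmin -k -u ytest -p 123 -r realmtest

This adds a user with username ytest, password 123 and realm testrealm. It prints the encrypted form of the user's password:

0xa13f0341197834c7ca61e1ff8d...

vim /usr/local/etc/turnserver.conf

Find cli-password = and append the encrypted password result.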

vim /etc/turnuserdb.conf

Add ytest:123, i.e. username:pwd, and save.

List the current regular users:

$ turnadmin -l

Output: ts[testrealm]

Delete a regular user (ytest is the username, testrealm is the realm):

turnadmin -d -u ytest -r testrealm
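
The key printed by turnadmin -k depends on the realm as well as on the username and password, which matters here because the commands above use both realmtest and testrealm. The sketch below is an added example, not code from the original post or from coturn; it assumes turnadmin's default MD5 key derivation (RFC 5389 long-term credentials), and all function names are hypothetical.

```python
"""Recompute a TURN long-term credential key and check which realm it belongs to.

Assumption: the key is MD5("username:realm:password") printed as 0x<hex>,
the RFC 5389 long-term credential key. All function names are hypothetical.
"""
import hashlib
import hmac


def long_term_key(username: str, realm: str, password: str) -> str:
    """Return the key as 0x<32 hex digits> for the given user, realm and password."""
    # RFC 5389 also applies SASLprep to the password; for plain ASCII
    # passwords such as the one on this page that step changes nothing.
    material = f"{username}:{realm}:{password}".encode("utf-8")
    return "0x" + hashlib.md5(material).hexdigest()


def key_matches(stored_key: str, username: str, realm: str, password: str) -> bool:
    """True if stored_key is the key for this username, realm and password."""
    expected = long_term_key(username, realm, password)
    # Constant-time comparison, as for any credential check.
    candidate = stored_key.strip().lower()
    return hmac.compare_digest(candidate.encode("utf-8"), expected.encode("utf-8"))


def audit_realms(stored_key, username, password, realms):
    """Map each candidate realm to whether stored_key was generated for it."""
    return {realm: key_matches(stored_key, username, realm, password)
            for realm in realms}


if __name__ == "__main__":
    # Constructed sample: the key as generated with -r realmtest on this page.
    stored = long_term_key("ytest", "realmtest", "123")
    print("key:", stored)
    # The key only validates for the realm it was generated with.
    for realm, ok in audit_realms(stored, "ytest", "123",
                                  ["realmtest", "testrealm"]).items():
        print(f"{realm}: {'match' if ok else 'MISMATCH'}")
```

A key generated for one realm does not validate under another, so the -r value has to be identical in the turnadmin and turnserver commands.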

Start turnserver

turnserver -v -r realmtest -a -o -c /usr/local/etc/turnserver.conf cli-password

If startup prints errors like these and nothing later in the output resolves them:

0: Domain name: 
0: Default realm: realmtest
0: SSL23: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: SSL23: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.0: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.1: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: DTLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: DTLS cipher suite: DEFAULT

Find the service's process (PID):

ps -ef|grep turnser

Stop the service with kill and the PID found above:

kill <PID>

vim /usr/local/etc/turnserver.conf

Find and uncomment this line:

dh-file=/etc/letsencrypt/ssl-dhparams.pem

find / -name ssl-dhparams.pem

Check whether the server has this file. If it is not found, install certbot and use Certbot to install a Let's Encrypt certificate.

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Installing certbot on CentOS 7:

rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install certbot

Generate the certificate with the certbot-auto command:

./certbot-auto certonly --webroot -w /usr/share/nginx/html/ -d [your valid domain name]
./certbot-auto certonly -d *.domain.com --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

-w is the path of the site root directory configured as root in nginx.

Verification

Trickle ICE https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

Enter turn:<public IP>:3478, the username and the password.

Click: Gather candidates
