Publishing and playing streams: a WebRTC + Janus + coturn + Nginx setup

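1. Create a test SSL certificate. On localhost the camera can be opened over plain http, but on a server https must be configured before the browser will open the camera
In nginx, the ssl module can be configured so that http and https are served side by side
Create the server private key; the command will prompt you for a passphrase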
openssl genrsa -des3 -out server.key 4096
Create the certificate signing request (CSR) and fill in the details
openssl req -new -key server.key -out server.csr
Finally, sign the certificate using the private key and CSR above
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl rsa -in server.key -out key.pem
openssl x509 -in server.crt -out cert.pem
2. Install the coturn server
Download: https://github.com/coturn/coturn
Install dependencies
sudo apt-get install libssl-dev 
sudo apt-get install libevent-dev 
sudo apt-get install libpq-dev 
sudo apt-get install mysql-client 
sudo apt-get install libmysqlclient-dev 
sudo apt-get install libhiredis-dev 
sudo apt-get install gcc 
sudo apt-get install pkg-config
Build and install
./configure
make -j 8
sudo make install
Configure /usr/local/etc/turnserver.conf
Copy /usr/local/etc/turnserver.conf.default to /usr/local/etc/turnserver.conf
relay-device=eth0
listening-ip=<private IP>
listening-port=3478
tls-listening-port=5349
relay-ip=<private IP>
external-ip=<public IP>

lt-cred-mech
user=user:123456
realm=domain.com
cli-password=123456
# use the pem files generated above
cert=/root/janus/ssl/cert.pem
pkey=/root/janus/ssl/key.pem

min-port=3480
max-port=3500
Start coturn
turnadmin -a -u user -p 123456 -r domain.com
sudo turnserver -c /usr/local/etc/turnserver.conf -a -f -v -r domain.com

 

Check that the ports are listening
sudo lsof -n -i4TCP:3478 | grep LISTEN 
sudo lsof -n -i4TCP:5349 | grep LISTEN
Test from a web page whether NAT traversal works
https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

If the relay candidate that comes back is your own address, it works

3. Install the Janus server
Install dependencies
sudo aptitude install libmicrohttpd-dev
sudo aptitude install libjansson-dev
sudo aptitude install libssl-dev
sudo aptitude install libsrtp-dev
sudo aptitude install libsofia-sip-ua-dev
sudo aptitude install libglib2.0-dev
sudo aptitude install libopus-dev
sudo aptitude install libogg-dev
sudo aptitude install libcurl4-openssl-dev
sudo aptitude install liblua5.3-dev
sudo aptitude install libconfig-dev
sudo aptitude install pkg-config
sudo aptitude install gengetopt
sudo aptitude install libtool
sudo aptitude install automake
If one of these fails to install and the official site lists it as required, you will have to resolve it by hand
Install libnice
https://launchpad.net/ubuntu/+source/libnice/0.1.16-1
libnice_0.1.16.orig.tar.gz
./configure && make && sudo make install
Install libwebsockets
git clone https://libwebsockets.org/repo/libwebsockets
cd libwebsockets
# If you want the stable version of libwebsockets, uncomment the next line
# git checkout v3.2-stable
mkdir build
cd build
# See https://github.com/meetecho/janus-gateway/issues/732 re: LWS_MAX_SMP
cmake -DLWS_MAX_SMP=1 -DCMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_C_FLAGS="-fpic" ..
make && sudo make install
Install libsrtp
wget https://github.com/cisco/libsrtp/archive/v2.2.0.tar.gz
tar xfv v2.2.0.tar.gz
cd libsrtp-2.2.0
./configure --prefix=/usr --enable-openssl
make shared_library && sudo make install
Install usrsctp
git clone https://github.com/sctplab/usrsctp
cd usrsctp
./bootstrap
./configure --prefix=/usr --disable-programs --disable-inet --disable-inet6
make && sudo make install
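Build Janus
git clone https://github.com/meetecho/janus-gateway.git
cd janus-gateway
sh autogen.sh
./configure --prefix=/opt/janus --enable-websockets
make
sudo make install
Configuration
Directory: /opt/janus/etc/janus/
Copy each *.jcfg.sample file to *.jcfg
Janus's default configuration does not enable SSL, which means https and wss are not supported. Some browsers will only open the camera on an encrypted page, so if the demo does not run, configure SSL on the server
Open /opt/janus/etc/janus/janus.jcfg and change the key paths under certificates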
certificates: {
        cert_pem = "/home/ssl/cert.pem"    // generated earlier
        cert_key = "/home/ssl/key.pem"      // generated earlier
        cert_pwd = "123456"
        #dtls_accept_selfsigned = false
        #dtls_ciphers = "your-desired-openssl-ciphers"
        #rsa_private_key = false
}
Next, open /opt/janus/etc/janus/janus.transport.http.jcfg, edit general and certificates, and enable https
general: {
        #events = true
        json = "indented"
        base_path = "/janus"
        http = true
        port = 8088
      
        https = true
        secure_port = 8089
}
certificates: {
        cert_pem = "/home/ssl/cert.pem"    // generated earlier
        cert_key = "/home/ssl/key.pem"      // generated earlier
        cert_pwd = "123456"
        #ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}
Next, open /opt/janus/etc/janus/janus.transport.websockets.jcfg, edit general and certificates, and enable wss.
general: {
        ws = true
        ws_port = 8188
        #ws_interface = "eth0"
        #ws_ip = "192.168.0.1"
        wss = true
        wss_port = 8989
}
certificates: {
        cert_pem = "/home/ssl/cert.pem"    // generated earlier
        cert_key = "/home/ssl/key.pem"      // generated earlier
        cert_pwd = "123456"
        #ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}
Run
/opt/janus/bin/janus --debug-level=7
Check the log output
The Janus VideoRoom plugin started successfully
JANUS VideoRoom plugin initialized!
The Janus WebSockets transport started successfully
WebSockets thread started
The Janus HTTP transport started successfully
HTTP webserver started (port 8088, /janus path listener)...
Check the listening ports
lsof -i | grep janus
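8089 is https, 8188 is ws, 8989 is wss (WebSocket Secure)
The web demos ship with the Janus source you downloaded, in the html directory at the root of the source tree.
If Janus is deployed locally, SSL is not needed and http is enough; if it is in the cloud, SSL is required and the pages must be accessed over https
Open https://IP:8442; it is a web page
To use WebSocket (ws or wss), edit html/echotest.js or html/videoroomtest.js and change the server field, for example: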
var server = "ws://" + window.location.hostname + ":8188";
coturn server configuration
stun_server = "stun.domain.net"    # or "stun3.l.google.com" (free)
stun_port = 3478
nice_debug = false
### nat_1_1_mapping must be set, and must be this server's public IP address.
nat_1_1_mapping = "publicIP"
#ice_ignore_list = "vmnet"
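Ports to open on the cloud server
20000-40000: set in the SIP plugin's configuration file. RTP media transport uses ports in the 20000-40000 range [the default], so the range must be opened both on Alibaba Cloud and in the firewall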
/opt/janus/etc/janus/janus.plugin.sip.jcfg
firewall-cmd --add-port=20000-40000/udp --permanent
firewall-cmd --reload
coturn
3478:udp/tcp
443:tcp----8442
8088:tcp
8089:tcp
8090:tcp
40000-60000:udp
Server firewall commands
sudo ufw status
sudo ufw disable
systemctl  stop  firewalld
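4. Configure the nginx server to serve the html
Edit the http server block and configure SSL so the page can be reached over https and the camera can be opened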
# HTTPS server
#
server {
    listen       8442 ssl;
    server_name  localhost;

    ssl_certificate      /root/janus/ssl/server.crt;
    ssl_certificate_key  /root/janus/ssl/server.key;

    location / {
        root   /root/janus/janus-gateway/html;
        index  videoroomtest.html;
    }
}
If you need ICE
server: server, iceServers: [{urls: "turn:domain.com.cn:3478", username: "user", credential: "123456"}],  // replace with your own domain or IP, account and password
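As an added example (not part of the original post, and not code from coturn or Janus): rather than shipping the static password from turnserver.conf in page JavaScript, coturn's use-auth-secret mode lets a backend issue short-lived TURN credentials for the iceServers entry above. The secret, user id and host values are constructed, the function names are hypothetical, and the verify function only illustrates the server-side check.

```javascript
// Added example (not from the original post). Runs under Node.js.
// Assumes coturn is started with these turnserver.conf lines in place of
// "lt-cred-mech" and "user=user:123456":
//   use-auth-secret
//   static-auth-secret=<long random secret shared with this service>
const crypto = require('crypto');

// base64(HMAC-SHA1(secret, message)): the password form coturn expects.
function hmacSha1Base64(secret, message) {
  return crypto.createHmac('sha1', secret).update(message).digest('base64');
}

// Issue a credential valid for ttlSeconds. The username carries the expiry
// time (Unix seconds), so the TURN server can reject it after that moment.
function makeTurnCredential(secret, userId, ttlSeconds, nowSeconds) {
  const now = nowSeconds ?? Math.floor(Date.now() / 1000);
  const username = `${now + ttlSeconds}:${userId}`;
  return { username, credential: hmacSha1Base64(secret, username) };
}

// Illustration of the server-side check: reject expired usernames, then
// recompute the HMAC and compare it in constant time.
function verifyTurnCredential(secret, username, credential, nowSeconds) {
  const expiry = Number.parseInt(username.split(':')[0], 10);
  if (!Number.isFinite(expiry) || expiry < nowSeconds) return false;
  const expected = Buffer.from(hmacSha1Base64(secret, username));
  const given = Buffer.from(String(credential));
  return expected.length === given.length &&
    crypto.timingSafeEqual(expected, given);
}

// Build the iceServers array that the page passes to Janus.
function iceServersFor(secret, userId, turnHost) {
  const { username, credential } = makeTurnCredential(secret, userId, 3600);
  return [{ urls: `turn:${turnHost}:3478`, username, credential }];
}

// Constructed sample values; in practice the backend returns this array
// to an authenticated page, which places it in the Janus options.
console.log(iceServersFor('constructed-demo-secret', 'viewer42', 'domain.com'));
```
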


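Copyright notice: this is an original article by b711183612, released under the CC 4.0 BY-SA license. When reposting, please include a link to the original source and this notice.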