turnserver documentation notes

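turnserver setup logic diagram

I am not clear on the underlying principle; the logic is roughly like this:

[Figure: turnserver setup logic diagram]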

https://github.com/coturn/coturn/wiki/turnserver
turnserver is a TURN relay service.

turnserver command options in detail

Flags:
-v, --verbose 'Moderate' verbose mode.
-V, --Verbose 'Extra' verbose mode, very annoying and not recommended.
-o, --daemon Run server process as daemon (daemon mode, runs in the background).
-f, --fingerprint Use fingerprints in the TURN messages. If an incoming request contains fingerprint, then TURN server will always add fingerprints to the messages in this session (if the received request contains a fingerprint, the responses carry one too), regardless of the per-server setting.
-a, --lt-cred-mech Use long-term credentials mechanism (this one you need for WebRTC usage).
-z, --no-auth Do not use any credentials mechanism, allow anonymous access. Opposite to -a and -A options.
--use-auth-secret TURN REST API flag. Flag that sets a special WebRTC authorization option that is based upon authentication secret. The purpose of this feature is to support "TURN Server REST API" as described in TURNServerRESTAPI.pdf in the docs. This option is used with long-term credentials mechanism.
--oauth Support oAuth authentication, as in the RFC 7635. The oAuth keys must be stored in the database, and handled by an external program. The TURN server expects the keys to be present in the database, and the TURN server does not handle the keys by itself. In the specs document, section 4.1, several key-management schemes are proposed and to be followed by the external key-management program.
--dh566 Use 566 bits DH TLS key. Default size of the key is 1066.
--dh2066 Use 2066 bits DH TLS key. Default size of the key is 1066.
--no-tlsv1 Do not allow TLSv1 protocol.
--no-tlsv1_1 Do not allow TLSv1.1 protocol.
--no-tlsv1_2 Do not allow TLSv1.2 protocol.
--no-udp Do not start 'plain' UDP listeners.
--no-tcp Do not start 'plain' TCP listeners.
--no-tls Do not start TLS listeners.
--no-dtls Do not start DTLS listeners. This is recommended when you do not need DTLS. With this option, the plain UDP works faster.
--no-udp-relay Do not allow UDP relay endpoints defined in RFC 5766, use only TCP relay endpoints as defined in RFC 6062.
--no-tcp-relay Do not allow TCP relay endpoints defined in RFC 6062, use only UDP relay endpoints as defined in RFC 5766.
--stale-nonce Use extra security with nonce value having limited lifetime (600 secs).
--no-stdout-log Flag to prevent stdout log messages. By default, all log messages are going to both stdout and to the configured log. With this option everything will be going to the configured log file only (unless the log file itself is stdout).
--syslog Flag to redirect everything into the system log (syslog).
--simple-log This flag means that no log file rollover will be used, and the log file name will be constructed as-is, without PID and date appendage. This option can be used, for example, together with logrotate tool.
--no-loopback-peers Disallow peers on the loopback addresses (127.x.x.x and ::1).
--allow-loopback-peers Allow peers on the loopback addresses (127.x.x.x and ::1). Allow it only for testing in a development environment! In production it adds a possible security vulnerability, and so due to security reasons, it is not allowed using it together with empty cli-password.
--no-multicast-peers Disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
--udp-self-balance (recommended for older Linuxes only) balance the UDP traffic among the aux endpoints (for clients supporting 300 ALTERNATE-SERVER response). See --aux-server option.
--secure-stun Require authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality.
-S, --stun-only Run as STUN server only, all TURN requests will be ignored. Option to suppress TURN functionality, only STUN requests will be processed.
--no-stun Run as TURN server only, all STUN requests will be ignored. Option to suppress STUN functionality, only TURN requests will be processed.
--mobility Mobility with ICE (MICE) specs support.
--no-cli Turn OFF the CLI support. By default it is always ON, and the process turnserver accepts the telnet client connections on IP address 127.0.0.1, port 5766. See also options --cli-ip, --cli-port and --cli-password.
--server-relay Server relay. NON-STANDARD AND DANGEROUS OPTION. Only for an application that wants to run a server on the relay endpoints. This option eliminates the IP permissions check on the packets incoming to the relay endpoints. That makes the system vulnerable to DOS attack, for example, among other bad things. The rule is: if you do not understand what this option is about and why you would need it, then you absolutely must NOT use it under any circumstances. See http://tools.ietf.org/search/rfc5766#section-17.2.3 .
--check-origin-consistency The flag that sets the origin consistency check: across the session, all requests must have the same main ORIGIN attribute value (if the ORIGIN was initially used by the session).
-h Help.
Config file setting:
-n Do not use configuration file, use only command line parameters.
-c <file-name> Configuration file name (default - turnserver.conf). The format of config file can be seen in the supplied examples/etc/turnserver.conf example file. Long names of the options are used as the configuration item names in the file. If the path supplied is not absolute, the file is searched for in the following directories:
    current directory
    current directory etc/ subdirectory
    upper directory level etc/
    /etc/
    /usr/local/etc/
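
Since the long option names double as configuration item names, a configuration file can be checked against the flag descriptions above. The following is an added example, not part of the original notes or of coturn itself: it assumes the file holds one option per line (a bare name for a flag, name=value otherwise, '#' for comment lines) and takes the defaults exactly as this page describes them; both sample configurations are constructed.

```python
# Added example: audit turnserver.conf text against the flag descriptions above.
# Option names come from the flag list; the sample configs are constructed.
RISKY = {
    "no-auth": "anonymous access, no credentials mechanism",
    "allow-loopback-peers": "loopback peers allowed (development testing only)",
    "server-relay": "drops the IP permissions check on relay endpoints",
    "dh566": "566-bit DH TLS key",
}
EXPECTED = {
    "no-loopback-peers": "peers on 127.x.x.x and ::1 are not disallowed",
    "no-multicast-peers": "peers on 224.0.0.0 and above / FFXX:* are not disallowed",
    "stale-nonce": "nonce lifetime is not limited",
    "no-tlsv1": "TLSv1 is still allowed",
    "no-tlsv1_1": "TLSv1.1 is still allowed",
}

def parse_conf(text):
    """Map option name -> value ('' for bare flags); '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts

def audit(text):
    """Return a list of findings for one configuration file's text."""
    opts = parse_conf(text)
    findings = [f"{n} is set: {why}" for n, why in RISKY.items() if n in opts]
    findings += [f"{n} is missing: {why}" for n, why in EXPECTED.items() if n not in opts]
    if not {"lt-cred-mech", "use-auth-secret"} & opts.keys():
        findings.append("no credentials mechanism (lt-cred-mech or use-auth-secret)")
    if "no-cli" not in opts and not opts.get("cli-password"):
        findings.append("CLI is on (127.0.0.1:5766) and cli-password is empty")
    return findings

WEAK = "no-auth\nallow-loopback-peers\ndh566\n"            # constructed sample
HARDENED = ("# constructed sample\nlt-cred-mech\nfingerprint\nstale-nonce\n"
            "no-loopback-peers\nno-multicast-peers\nno-tlsv1\nno-tlsv1_1\nno-cli\n")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```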