参考这位大佬的文章https://blog.csdn.net/jia2719/article/details/87345724
同时结合部署过程中遇到的一些问题,总结出下面的部署流程,用到的CentOS7的版本是
CentOS-7-x86_64-DVD-2009
#安装必要插件
yum install -y epel-release && \
yum update -y && \
yum install -y deltarpm && \
yum install -y openssh-server sudo which file curl zip unzip wget && \
yum install -y libmicrohttpd-devel jansson-devel libnice-devel glib22-devel opus-devel libogg-devel pkgconfig gengetopt libtool autoconf automake make gcc gcc-c++ git cmake libconfig-devel openssl-devel
#安装 libsrtp 1.5.4
wget https://github.com/cisco/libsrtp/archive/v1.5.4.tar.gz
tar xfv v1.5.4.tar.gz
cd libsrtp-1.5.4
./configure --prefix=/usr --enable-openssl
make shared_library && sudo make install
#安装 libsrtp 2.0.0
wget https://github.com/cisco/libsrtp/archive/v2.0.0.tar.gz
tar xfv v2.0.0.tar.gz
cd libsrtp-2.0.0
./configure --prefix=/usr --enable-openssl
make shared_library && sudo make install
#安装 sofia-sip
wget https://sourceforge.net/projects/sofia-sip/files/sofia-sip/1.12.11/sofia-sip-1.12.11.tar.gz
tar zxf sofia-sip-1.12.11.tar.gz && cd sofia-sip-1.12.11 && ./configure --prefix=/usr CFLAGS=-fno-aggressive-loop-optimizations && make && make install
#安装 usrsctp
git clone https://github.com/sctplab/usrsctp && cd usrsctp && \
./bootstrap && \
./configure --prefix=/usr && make && make install
#如果git clone报超时或者其他错误,试试看clone的地址前面加上 https://ghproxy.com/
#即执行git clone https://ghproxy.com/https://github.com/sctplab/usrsctp
#安装 libwebsocket
git clone https://github.com/warmcat/libwebsockets && \
mkdir libwebsockets/build && cd libwebsockets/build && \
cmake -DMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_C_FLAGS="-fpic" .. && \
make && make install
#升级gcc版本到7,不然后面可能会报错
sudo yum install -y centos-release-scl
sudo yum install -y scl-utils-build
sudo yum install -y devtoolset-7-gcc*
sudo yum install -y devtoolset-7-gdb*
scl enable devtoolset-7 bash
gcc --version
#安装ice库
yum install meson
git clone https://gitee.com/mirrors/libnice
cd libnice
meson --prefix=/usr build && ninja -C build && sudo ninja -C build install
#下面安装libmicrohttpd用于janus提供http服务,不装的话,janus配置文件里面会没有janus.transport.http.jcfg这个配置
wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.tar.gz
tar zxvf nettle-3.4.tar.gz
cd nettle-3.4
./configure --prefix=/usr/
make
make check #测试一下
make install
wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.9.tar.xz
tar xvf gnutls-3.5.9.tar.xz
cd gnutls-3.5.9
PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig
./configure --with-included-libtasn1 --with-included-unistring --without-p11-kit
sudo make && sudo make install
wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.71.tar.gz
tar zxf libmicrohttpd-0.9.71.tar.gz
cd libmicrohttpd-0.9.71/
./configure --with-ssl --enable-https=yes
make && sudo make install
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
#安装nginx
yum install nginx
#启动nginx
systemctl start nginx.service
#生成https证书,安装认证要填写一些信息,直接都回车就行了
mkdir /etc/nginx/ssl
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
#配置nginx
vi /etc/nginx/conf.d/default.conf
#然后重启nginx
#default.conf的内容为
server {
listen 80;
listen *:443 ssl;
server_name localhost;
location / {
root /opt/janus/share/janus/demos;
index index.html index.htm index.php;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
ssl_certificate /etc/nginx/ssl/nginx.crt; #就是上面https证书的位置
ssl_certificate_key /etc/nginx/ssl/nginx.key;#就是上面https证书的位置
}
#最后安装janus
#Janus
#if cannot configure plugin sofia,Perhaps you should add the directory containing `sofia-sip-ua.pc' to the PKG_CONFIG_PATH environment variable,
#for example centos7 :export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfig
export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfig
#if cannot load libsofia-sip-ua.so.0 , try ldconfig -v
git clone https://github.com/meetecho/janus-gateway.git && \
cd janus-gateway &&\
sh autogen.sh && \
./configure --prefix=/opt/janus --disable-rabbitmq --disable-docs --disable-libsrtp2 &&\
make && make install && make configs
#然后执行下面两条指令 (这步应该是必须的)
ldconfig
export LD_LIBRARY_PATH=/usr/local/lib
#修改janus里的配置
cd /opt/janus/etc/janus
#主要修改这几个配置文件
#janus.jcfg
#janus.transport.http.jcfg
#janus.transport.websockets.jcfg
#修改的内容为
#janus.jcfg
certificates: {
cert_pem = "/etc/nginx/ssl/nginx.crt"
cert_key = "/etc/nginx/ssl/nginx.key"
#cert_pwd = "secretpassphrase"
#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}
#janus.transport.http.jcfg
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
base_path = "/janus" # Base path to bind to in the web server (plain HTTP only)
http = true # Whether to enable the plain HTTP interface
port = 8088 # Web server HTTP port
#interface = "eth0" # Whether we should bind this server to a specific interface only
#ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
https = true # Whether to enable HTTPS (default=false)
secure_port = 8089 # Web server HTTPS port, if enabled
#secure_interface = "eth0" # Whether we should bind this server to a specific interface only
#secure_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
#acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
#mhd_connection_limit = 1020 # Open connections limit in libmicrohttpd (default=1020)
#mhd_debug = false # Ask libmicrohttpd to write warning and error messages to stderr (default=false)
}
admin: {
admin_base_path = "/admin" # Base path to bind to in the admin/monitor web server (plain HTTP only)
admin_http = true # Whether to enable the plain HTTP interface
admin_port = 7088 # Admin/monitor web server HTTP port
#admin_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
admin_https = true # Whether to enable HTTPS (default=false)
admin_secure_port = 7889 # Admin/monitor web server HTTPS port, if enabled
#admin_secure_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_secure_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
#admin_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
certificates: {
cert_pem = "/etc/nginx/ssl/nginx.crt"
cert_key = "/etc/nginx/ssl/nginx.key"
#cert_pwd = "secretpassphrase"
#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}
#janus.transport.websockets.jcfg
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
#pingpong_trigger = 30 # After how many seconds of idle, a PING should be sent
#pingpong_timeout = 10 # After how many seconds of not getting a PONG, a timeout should be detected
ws = true
ws_port = 8188 # WebSockets server port
#ws_interface = "eth0" # Whether we should bind this server to a specific interface only
#ws_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#ws_unix = "/run/ws.sock" # Use WebSocket server over UNIX socket instead of TCP
wss = true # Whether to enable secure WebSockets
wss_port = 8989 # WebSockets server secure port, if enabled
#wss_interface = "eth0" # Whether we should bind this server to a specific interface only
#wss_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#wss_unix = "/run/wss.sock" # Use WebSocket server over UNIX socket instead of TCP
#ws_logging = "err,warn" # libwebsockets debugging level as a comma separated list of things
#ws_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
admin: {
admin_ws = false # Whether to enable the Admin API WebSockets API
admin_ws_port = 7188 # Admin API WebSockets server port, if enabled
#admin_ws_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_ws_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#admin_ws_unix = "/run/aws.sock" # Use WebSocket server over UNIX socket instead of TCP
admin_wss = true # Whether to enable the Admin API secure WebSockets
admin_wss_port = 7989 # Admin API WebSockets server secure port, if enabled
#admin_wss_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_wss_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#admin_wss_unix = "/run/awss.sock" # Use WebSocket server over UNIX socket instead of TCP
#admin_ws_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
certificates: {
cert_pem = "/etc/nginx/ssl/nginx.crt"
cert_key = "/etc/nginx/ssl/nginx.key"
#cert_pwd = "secretpassphrase"
#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}
#修改前端页面的配置,把请求方式改成websocket的,如果是用原来https请求的话,要重新调整过nginx的配置,不然会阻塞超时,页面中会报net::ERR_INCOMPLETE_CHUNKED_ENCODING 200 (OK)这个错
cd /opt/janus/share/janus/demos
vi setting.js
var server = "wss://" + window.location.hostname + ":8989/janus";
#针对上面https交互的问题,nginx配置需要做如下调整 增加 location /janus location /admin 和 location ~ \.() 三个配置
#然后重启nginx
server {
listen 80;
listen *:443 ssl;
server_name localhost;
location / {
root /opt/janus/share/janus/demos;
index index.html index.htm index.php;
}
location /janus {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://your_ip:8088/janus; #要正确填写你服务器的ip地址
}
location /admin {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://your_ip:7088/admin; #要正确填写你服务器的ip地址
}
location ~ \.(bmp|gif|jpg|png|css|js|cur|flv|ico|swf|doc|pdf|html)$ {
root /opt/janus/share/janus/demos;
expires 1d;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
}
#然后修改setting.js中server的值。
#var server = "/janus";
#这样就可以正常通过https交互访问了,如果页面还报一个502Bad Way的问题,同时nginx里面报了一个connect() to ip:8088 failed (13: Permission denied) while connecting to upstream的错,原因是SELinux限制了nginx对外访问的权限,执行下面操作
#查网络访问的配置
getsebool -a | grep httpd_can_network_connect
#如果出现如下结果
#httpd_can_network_connect --> off
#则执行如下命令取消限制:
#SELinux命令,临时配置,重启后失效
setsebool httpd_can_network_connect=1
#写入配置文件的命令,重启后保留,推荐这种方式
setsebool -P httpd_can_network_connect 1
#最后到/opt/janus/bin 下启动janus,如果看到刚刚配置的几个端口成功启动了那就说明可以了,以上的配置可能并不是都要改,主要就是websocket配置那个wss = false改为true, 启用8989那个端口和http配置的https = false 改为true,启用8089端口 。同时涉及到certificates这个配置应该是一定要改的。
#页面访问 https://your_ip/index.html
./janus