Running the coturn service in Docker to provide NAT traversal for RTCPeerConnection

1. Pull the coturn image

docker pull coturn/coturn

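2. Find the turndb/schema.sql script in the source tree and use it to create the database, then use the turndb/testsqldbsetup.sql script to initialize some data. Data you do not need can be deleted, for example the default user records.

Source code: coturn/coturn: coturn TURN server project (github.com)

3. Insert user records into the turnusers_lt table. Rows can be added and removed dynamically as the business requires. The fields are:

realm: must match the realm configured in the turnserver.conf file below; it is the equivalent of an organization's domain name;
name: the user name, corresponding to username in the RTCPeerConnection config;
hmackey: the password hash, computed as lowercase md5(username:realm:password)
createTime: time the record was created; these last two columns are fields I added myself for business needs
createUserId: ID of the user who created the record; these last two columns are fields I added myself for business needs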

4. Find the turnserver.conf file in the source tree, copy it and modify it

# Coturn TURN SERVER configuration file
# ……
# Lower and upper bounds of the UDP relay endpoints:
# (default values are 49152 and 65535)
#
min-port=49152
max-port=65535

# Uncomment to use long-term credential mechanism.
# By default no credentials mechanism is used (any user allowed).
#
lt-cred-mech

# 'Static' user accounts for the long term credentials mechanism, only.
# This option cannot be used with TURN REST API.
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
# so they can NOT be changed while the turnserver is running.
#
#user=username1:key1
#user=username2:key2
# OR:
#user=username1:password1
#user=username2:password2
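# Example static account; replace the password with a strong one, or drop
# this line when the users are kept in the database.
user=test:test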

# MySQL database connection string in the case that you are using MySQL
# as the user database.
# This database can be used for the long-term credential mechanism
# and it can store the secret value for secret-based timed authentication in TURN REST API.
#
# Optional connection string parameters for the secure communications (SSL):
# ca, capath, cert, key, cipher
# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
# command options description).
#
# Use the string format below (space separated parameters, all optional):
#
#mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds> read_timeout=<seconds>"
mysql-userdb="host=127.0.0.1 dbname=coturn user=coturn password=xxx port=3306 connect_timeout=5 read_timeout=30"

# The default realm to be used for the users when no explicit
# origin/realm relationship is found in the database, or if the TURN
# server is not using any database (just the commands-line settings
# and the userdb file). Must be used with long-term credentials
# mechanism or with TURN REST API.
#
# Note: If the default realm is not specified, then realm falls back to the host domain name.
#       If the domain name string is empty, or set to '(None)', then it is initialized as an empty string.
#
realm=realm.o

# Option to redirect all log output into system log (syslog).
#
syslog

# Disable RFC5780 (NAT behavior discovery).
#
# Originally, if there are more than one listener address from the same
# address family, then by default the NAT behavior discovery feature enabled.
# This option disables the original behavior, because the NAT behavior
# discovery adds extra attributes to response, and this increase the
# possibility of an amplification attack.
#
# Strongly encouraged to use this option to decrease gain factor in STUN
# binding responses.
#
no-rfc5780

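The full file is very long, so only part of it is shown here: mainly the port range, the MySQL database connection information used for the user passwords, the authentication requirement, and so on.

5. Run the service with docker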

docker run -itd --name=coturn --network host -v /data/turnserver.conf:/etc/turnserver.conf coturn/coturn turnserver -a -f -v --log-file stdout

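The container uses the host's network. The default port is 3478/TCP, plus the UDP ports set in the file above. The turnserver.conf file is mapped into the container. For the meaning of -a, -f and the other options, enter the container and read the help output.

Open ports 3478/tcp and 49152-65535/udp in the host firewall.

6. Troubleshooting:

If you see realm <realm.o> user <>: incoming packet message processed, error 401: Unauthorized
the usual cause is a wrong user password.

If you do not use the -a authentication, then depending on network conditions the connection will randomly drop by itself a few seconds to a few tens of seconds after it has been established.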
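The hmackey formula from step 3 and the 401 check from step 6, as an added example (not code from the original post or from the coturn project): it derives the key, stores it with a parameterized insert, and tells a realm mismatch apart from a wrong password. The function names, the sample user and the in-memory sqlite3 database standing in for MySQL are assumptions made for the demo.

```python
import hashlib
import hmac
import sqlite3


def lt_key(username: str, realm: str, password: str) -> str:
    """hmackey as the post defines it: lowercase hex md5(username:realm:password)."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).hexdigest()


def add_user(db, username: str, realm: str, password: str) -> None:
    # Parameterized insert; only the derived key is stored, never the password.
    db.execute(
        "INSERT INTO turnusers_lt (realm, name, hmackey) VALUES (?, ?, ?)",
        (realm, username, lt_key(username, realm, password)),
    )


def diagnose(db, username: str, realm: str, password: str) -> str:
    """Return 'ok', or the reason this credential would be answered with 401."""
    row = db.execute(
        "SELECT hmackey FROM turnusers_lt WHERE realm = ? AND name = ?",
        (realm, username),
    ).fetchone()
    if row is None:
        other = db.execute(
            "SELECT realm FROM turnusers_lt WHERE name = ?", (username,)
        ).fetchone()
        return f"realm mismatch: user exists under {other[0]!r}" if other else "unknown user"
    # Constant-time comparison of the stored key with the recomputed one.
    if hmac.compare_digest(row[0], lt_key(username, realm, password)):
        return "ok"
    return "hmackey mismatch"


def demo_db():
    # Assumption: in-memory sqlite3 stands in for the MySQL user database.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE turnusers_lt (realm TEXT, name TEXT, hmackey TEXT,"
        " PRIMARY KEY (realm, name))"
    )
    add_user(db, "alice", "realm.o", "constructed-passphrase")  # constructed sample user
    return db


if __name__ == "__main__":
    db = demo_db()
    for realm, pw in [("realm.o", "constructed-passphrase"), ("realm.o", "wrong"),
                      ("example.org", "constructed-passphrase")]:
        print(realm, "->", diagnose(db, "alice", realm, pw))
```

Because the realm is part of the hashed string, changing realm in turnserver.conf invalidates every stored hmackey, and each one has to be regenerated from the password.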
