Connecting coturn to MySQL: coTurn usage and test method

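This document records in detail the configuration process and test method for connecting a Coturn server to a MySQL database. The log shows that the Coturn server supports multiple protocols and security features, and it confirms that MySQL is supported. During configuration, an "unknown option --help" problem came up; the command-line arguments may need to be checked for correctness.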

turnserver: unknown option --help
0: log file opened: /var/log/turn_5112_2017-03-08.log
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.4 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 3200
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 1000 (approximately)
0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2k 26 Jan 2017
0:
0: SQLite supported, default database location is /usr/local/var/db/turndb
0: Redis is not supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 2 (UDP thread per network endpoint)

=====================================================

0: Config file found: /usr/local/etc/turnserver.conf
0: Listener address to use: 192.168.1.103
turnserver: unknown option --help

Usage: turnserver [options]
Options:
 -d, --listening-device  Listener interface device (NOT RECOMMENDED. Optional, Linux only).
 -p, --listening-port  TURN listener port (Default: 3478).
        Note: actually, TLS & DTLS sessions can connect to the "plain" TCP & UDP port(s), too,
        if allowed by configuration.
 --tls-listening-port  TURN listener port for TLS & DTLS listeners
        (Default: 5349).
        Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS port(s), too,
        if allowed by configuration. The TURN server
        "automatically" recognizes the type of traffic. Actually, two listening
        endpoints (the "plain" one and the "tls" one) are equivalent in terms of
        functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
        For secure TCP connections, we currently support SSL version 3 and
        TLS versions 1.0, 1.1 and 1.2. For secure UDP connections, we support
        DTLS version 1.
 --alt-listening-port  Alternative listening port for STUN CHANGE_REQUEST (in RFC 5780 sense,
        or in old RFC 3489 sense, default is "listening port plus one").
 --alt-tls-listening-port  Alternative listening port for TLS and DTLS,
        the default is "TLS/DTLS port plus one".
 -L, --listening-ip  Listener IP address of relay server. Multiple listeners can be specified.
 --aux-server  Auxiliary STUN/TURN server listening endpoint.
        Auxiliary servers do not have alternative ports and
        they do not support RFC 5780 functionality (CHANGE REQUEST).
        Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
 --udp-self-balance  (recommended for older Linuxes only) Automatically balance UDP traffic
        over auxiliary servers (if configured).
        The load balancing is using the ALTERNATE-SERVER mechanism.
        The TURN client must support 300 ALTERNATE-SERVER response for this functionality.
 -i, --relay-device  Relay interface device for relay sockets (NOT RECOMMENDED. Optional, Linux only).
 -E, --relay-ip  Relay address (the local IP address that will be used to relay the
        packets to the peer).
        Multiple relay addresses may be used.
        The same IP(s) can be used as both listening IP(s) and relay IP(s).
        If no relay IP(s) specified, then the turnserver will apply the default
        policy: it will decide itself which relay addresses to be used, and it
        will always be using the client socket IP address as the relay IP address
        of the TURN session (if the requested relay address family is the same
        as the family of the client socket).
 -X, --external-ip  TURN Server public/private address mapping, if the server is behind NAT.
        In that situation, if a -X is used in form "-X ip" then that ip will be reported
        as relay IP address of all allocations. This scenario works only in a simple case
        when one single relay address is be used, and no STUN CHANGE_REQUEST
        functionality is required.
        That single relay address must be mapped by NAT to the 'external' IP.
        For that 'external' IP, NAT must forward ports directly (relayed port 12345
        must be always mapped to the same 'external' port 12345).
        In more complex case when more than one IP address is involved,
        that option must be used several times in the command line, each entry must
        have form "-X public-ip/private-ip", to map all involved addresses.
 --no-loopback-peers  Disallow peers on the loopback addresses (127.x.x.x and ::1).
 --no-multicast-peers  Disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
 -m, --relay-threads  Number of relay threads to handle the established connections
        (in addition to authentication thread and the listener thread).
        If explicitly set to 0 then application runs in single-threaded mode.
        If not set then a default OS-dependent optimal algorithm will be employed.
        The default thread number is the number of CPUs.
        In older systems (pre-Linux 3.9) the number of UDP relay threads always equals
        the number of listening endpoints (unless -m 0 is set).
 --min-port  Lower bound of the UDP port range for relay endpoints allocation.
        Default value is 49152, according to RFC 5766.
 --max-port  Upper bound of the UDP port range for relay endpoints allocation.
        Default value is 65535, according to RFC 5766.
 -v, --verbose  'Moderate' verbose mode.
 -V, --Verbose  Extra verbose mode, very annoying (for debug purposes only).
 -o, --daemon  Start process as daemon (detach from current shell).
 -f, --fingerprint  Use fingerprints in the TURN messages.
 -a, --lt-cred-mech  Use the long-term credential mechanism.
 -z, --no-auth  Do not use any credential mechanism, allow anonymous access.
 -u, --user  User account, in form 'username:password', for long-term credentials.
        Cannot be used with TURN REST API.
 -r, --realm  The default realm to be used for the users when no explicit
        origin/realm relationship was found in the database.
        Must be used with long-term credentials
        mechanism or with TURN REST API.
 --check-origin-consistency  The flag that sets the origin consistency check:
        across the session, all requests must have the same
        main ORIGIN attribute value (if the ORIGIN was
        initially used by the session).
 -q, --user-quota  Per-user allocation quota: how many concurrent allocations a user can create.
        This option can also be set through the database, for a particular realm.
 -Q, --total-quota  Total allocations quota: global limit on concurrent allocations.
        This option can also be set through the database, for a particular realm.
 -s, --max-bps  Default max bytes-per-second bandwidth a TURN session is allowed to handle
        (input and output network streams are treated separately). Anything above
        that limit will be dropped or temporary suppressed
        (within the available buffer limits).
        This option can also be set through the database, for a particular realm.
 -B, --bps-capacity  Maximum server capacity.
        Total bytes-per-second bandwidth the TURN server is allowed to allocate
        for the sessions, combined (input and output network streams are treated separately).
 -c  Configuration file name (default - turnserver.conf).
 -b, , --db, --userdb  SQLite database file name; default - /var/db/turndb or
        /usr/local/var/db/turndb or /var/lib/turn/turndb.
 -e, --psql-userdb, --sql-userdb  PostgreSQL database connection string, if used (default - empty, no PostreSQL DB used).
        This database can be used for long-term credentials mechanism users,
        and it can store the secret value(s) for secret-based timed authentication in TURN RESP A
        See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
        versions format, see
        http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
        for 9.x and newer connection string formats.
 -M, --mysql-userdb  MySQL database connection string, if used (default - empty, no MySQL DB used).
        This database can be used for long-term credentials mechanism users,
        and it can store the secret value(s) for secret-based timed authentication in TURN RESP A
        The connection string my be space-separated list of parameters:
        "host= dbname= user= \
        password= port= connect_timeout=

        The connection string parameters for the secure communications (SSL):
        ca, capath, cert, key, cipher
        (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
        command options description).

        All connection-string parameters are optional.

 --use-auth-secret  TURN REST API flag.
        Flag that sets a special authorization option that is based upon authentication secret
        (TURN Server REST API, see TURNServerRESTAPI.pdf). This option is used with timestamp.
 --static-auth-secret  'Static' authentication secret value (a string) for TURN REST API only.
        If not set, then the turn server will try to use the 'dynamic' value
        in turn_secret table in user database (if present).
        That database value can be changed on-the-fly
        by a separate program, so this is why it is 'dynamic'.
        Multiple shared secrets can be used (both in the database and in the "static" fashion).
 --server-name  Server name used for
        the oAuth authentication purposes.
        The default value is the realm name.
 --oauth  Support oAuth authentication.
 -n  Do not use configuration file, take all parameters from the command line only.
 --cert  Certificate file, PEM format. Same file search rules
        applied as for the configuration file.
        If both --no-tls and --no_dtls options
        are specified, then this parameter is not needed.
 --pkey  Private key file, PEM format. Same file search rules
        applied as for the configuration file.
        If both --no-tls and --no-dtls options
 --pkey-pwd  If the private key file is encrypted, then this password to be used.
 --cipher-list  Allowed OpenSSL cipher list for TLS/DTLS connections.
        Default value is "DEFAULT".
 --CA-file  CA file in OpenSSL format.
        Forces TURN server to verify the client SSL certificates.
        By default, no CA is set and no client certificate check is performed.
 --ec-curve-name  Curve name for EC ciphers, if supported by OpenSSL
        library (TLS and DTLS). The default value is prime256v1,
        if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
        an optimal curve will be automatically calculated, if not defined
        by this option.
 --dh566  Use 566 bits predefined DH TLS key. Default size of the predefined key is 1066.
 --dh2066  Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.
 --dh-file  Use custom DH TLS key, stored in PEM format in the file.
        Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
 --no-tlsv1  Do not allow TLSv1/DTLSv1 protocol.
 --no-tlsv1_1  Do not allow TLSv1.1 protocol.
 --no-tlsv1_2  Do not allow TLSv1.2/DTLSv1.2 protocol.
 --no-udp  Do not start UDP client listeners.
 --no-tcp  Do not start TCP client listeners.
 --no-tls  Do not start TLS client listeners.
 --no-dtls  Do not start DTLS client listeners.
 --no-udp-relay  Do not allow UDP relay endpoints, use only TCP relay option.
 --no-tcp-relay  Do not allow TCP relay endpoints, use only UDP relay options.
 -l, --log-file  Option to set the full path name of the log file.
        By default, the turnserver tries to open a log file in
        /var/log/turnserver/, /var/log, /var/tmp, /tmp and . (current) directories
        (which open operation succeeds first that file will be used).
        With this option you can set the definite log filename.
        The special names are "stdout" and "-" - they will force everything
        to the stdout; and "syslog" name will force all output to the syslog.
 --no-stdout-log  Flag to prevent stdout log messages.
        By default, all log messages are going to both stdout and to
        a log file. With this option everything will be going to the log file only
        (unless the log file itself is stdout).
 --syslog  Output all log information into the system log (syslog), do not use the file output.
 --simple-log  This flag means that no log file rollover will be used, and the log file
        name will be constructed as-is, without PID and date appendage.
        This option can be used, for example, together with the logrotate tool.
 --stale-nonce  Use extra security with nonce value having limited lifetime (600 secs).
 -S, --stun-only  Option to set standalone STUN operation only, all TURN requests will be ignored.
 --no-stun  Option to suppress STUN functionality, only TURN requests will be processed.
 --alternate-server  Set the TURN server to redirect the allocate requests (UDP and TCP services).
        Multiple alternate-server options can be set for load balancing purposes.
        See the docs for more information.
 --tls-alternate-server  Set the TURN server to redirect the allocate requests (DTLS and TLS services).
        Multiple alternate-server options can be set for load balancing purposes.
        See the docs for more information.
 -C, --rest-api-separator  This is the timestamp/username separator symbol (character) in TURN REST API.
        The default value is ':'.
 --max-allocate-timeout=  Max time, in seconds, allowed for full allocation establishment. Default is 60.
 --allowed-peer-ip=  Specifies an ip or range of ips that are explicitly allowed to connect to the
        turn server. Multiple allowed-peer-ip can be set.
 --denied-peer-ip=  Specifies an ip or range of ips that are not allowed to connect to the turn server.
        Multiple denied-peer-ip can be set.
 --pidfile  File name to store the pid of the process.
        Default is /var/run/turnserver.pid (if superuser account is used) or
        /var/tmp/turnserver.pid .
 --secure-stun  Require authentication of the STUN Binding request.
        By default, the clients are allowed anonymous access to the STUN Binding functionality.
 --proc-user  User name to run the turnserver process.
        After the initialization, the turnserver process
        will make an attempt to change the current user ID to that user.
 --proc-group  Group name to run the turnserver process.
        After the initialization, the turnserver process
        will make an attempt to change the current group ID to that group.
 --mobility  Mobility with ICE (MICE) specs support.
 --no-cli  Turn OFF the CLI support. By default it is always ON.
 --cli-ip=  Local system IP address to be used for CLI server endpoint. Default value
        is 127.0.0.1.
 --cli-port=  CLI server port. Default is 5766.
 --cli-password=  CLI access password. Default is empty (no password).
        For the security reasons, it is recommended to use the encrypted
        for of the password (see the -P command in the turnadmin utility).
        The dollar signs in the encrypted form must be escaped.
 --server-relay  Server relay. NON-STANDARD AND DANGEROUS OPTION. Only for those applications
        when we want to run server applications on the relay endpoints.
        This option eliminates the IP permissions check on the packets
        incoming to the relay endpoints.
 --cli-max-output-sessions  Maximum number of output sessions in ps CLI command.
        This value can be changed on-the-fly in CLI. The default value is 256.
 --ne=[1|2|3]  Set network engine type for the process (for internal purposes).
 -h  Help

For more information, see the wiki pages:

https://github.com/coturn/coturn/wiki/
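
Added example (not part of the original post and not coturn's own code): a small Python check over a turnserver.conf that flags settings the usage text above describes as risky or as defaulting to a permissive value, including a MySQL connection string without any of the SSL parameters. Both configuration samples are constructed, with placeholder hosts, paths and passwords, and the check assumes the config file uses the long option names without leading dashes.

```python
# Added example; both configs are constructed samples (placeholder hosts, paths, passwords).
WEAK_CONF = """
lt-cred-mech
realm=example.org
mysql-userdb="host=db.example.org dbname=coturn user=turn password=PLACEHOLDER port=3306"
server-relay
"""
HARDENED_CONF = """
lt-cred-mech
realm=example.org
mysql-userdb="host=db.example.org dbname=coturn user=turn password=PLACEHOLDER ca=/etc/turn/ca.pem"
no-loopback-peers
no-tlsv1
no-cli
"""
SSL_PARAMS = {"ca", "capath", "cert", "key", "cipher"}  # SSL names listed under --mysql-userdb

def parse_conf(text):
    """Assumed file syntax: one long option per line, 'name=value' or a bare flag."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        opts.setdefault(name.strip(), []).append(value.strip().strip("\"'"))
    return opts

def audit(text):
    """Return one 'option: reason' finding per risky setting."""
    opts, findings = parse_conf(text), []
    if "no-auth" in opts:
        findings.append("no-auth: anonymous access is allowed")
    if "server-relay" in opts:
        findings.append("server-relay: IP permissions check on relay endpoints is off")
    if "no-cli" not in opts and not any(opts.get("cli-password", [])):
        findings.append("cli-password: CLI is on by default with an empty password")
    if "no-loopback-peers" not in opts:
        findings.append("no-loopback-peers: peers on 127.x.x.x and ::1 are not disallowed")
    if not ("no-tls" in opts and "no-dtls" in opts) and "no-tlsv1" not in opts:
        findings.append("no-tlsv1: TLSv1/DTLSv1 is not disabled")
    for connstr in opts.get("mysql-userdb", []):
        names = {p.split("=", 1)[0] for p in connstr.split()}
        if not names & SSL_PARAMS:
            findings.append("mysql-userdb: no SSL parameters in the connection string")
    return findings

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(HARDENED_CONF))
```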
