注:
libwebsockets(支持 WebSocket)
libsrtp 和 libusrsctp(音视频流传输控制和数据协议支持)
libmicrohttpd(支持 http/https)
Janus
nginx(提供 web 服务)
1. 基础环境依赖安装
yum install -y epel-release
yum update -y
yum install -y deltarpm
yum install doxygen graphviz
yum install -y openssh-server sudo which file curl zip unzip wget
yum install -y libmicrohttpd-devel jansson-devel libnice-devel glib2-devel opus-devel libogg-devel pkgconfig gengetopt libtool autoconf automake libsrtp-devel sofia-sip-devel libcurl-devel make gcc gcc-c++ git cmake libconfig-devel openssl-devel libevent libevent-devel sqlite sqlite-devel postgresql-devel postgresql-server mysql-devel mysql-server hiredis hiredis-devel
export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfig
2. 安装libsrtp
mkdir -p stcc/janus
cd /stcc/janus/
wget https://github.com/cisco/libsrtp/archive/v1.5.4.tar.gz
tar xfv v1.5.4.tar.gz
cd libsrtp-1.5.4
./configure --prefix=/usr --enable-openssl --libdir=/usr/lib64
make shared_library && make install
cd …
wget https://github.com/cisco/libsrtp/archive/v2.2.0.tar.gz
tar xfv v2.2.0.tar.gz
cd libsrtp-2.2.0
./configure --prefix=/usr --enable-openssl --libdir=/usr/lib64
make shared_library && make install
cd …
3. 安装libusrsctp
git clone https://github.com/Kurento/libusrsctp.git
cd libusrsctp
./bootstrap
./configure --prefix=/usr --libdir=/usr/lib64
make && make install
cd …
4. 安装libmicrohttpd(V0.9.72)
wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.72.tar.gz
tar zxf libmicrohttpd-0.9.72.tar.gz
cd libmicrohttpd-0.9.72/
./configure
make && make install
cd …
5. 安装usrsctp(V0.9.5)
git clone https://github.com/sctplab/usrsctp
cd usrsctp
./bootstrap
./configure --prefix=/usr
make && make install
cd …
6. 安装libwebsocket(V4.1.6)
git clone https://github.com/warmcat/libwebsockets
cd libwebsockets
git branch -a #查看并选择最新的稳定版本,目前的是remotes/origin/v3.2-stable
git checkout v3.2-stable #切换到最新稳定版本
mkdir build
cd build
cmake -DMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_C_FLAGS="-fpic" …
make && make install
cd …/…
7. 安装Janus(V0.10.5)
git clone https://github.com/meetecho/janus-gateway.git &&
cd janus-gateway
sh autogen.sh
./configure --prefix=/opt/janus --enable-websockets --enable-data-channels --enable-docs
make && make install && make configs
cd …
8. 安装配置nginx
#下载nginx 1.15.8版本
wget http://nginx.org/download/nginx-1.15.8.tar.gz
tar xvzf nginx-1.15.8.tar.gz
cd nginx-1.15.8/
#配置,一定要支持https
./configure --with-http_ssl_module
编译
make && make install
cd …
生成证书
mkdir -p cert
cd cert
#CA私钥
openssl genrsa -out key.pem 2048
#自签名证书
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
cd …
修改nginx配置文件 vi /usr/local/nginx/conf/nginx.conf
Location中指向janus所在目录/opt/janus/share/janus/demos
配置证书
ssl_certificate /stcc/janus/cert/cert.pem;
ssl_certificate_key /stcc/janus/cert/key.pem;
如下图:
启动nginx
/usr/local/nginx/sbin/nginx
访问https 服务器ip
如果是http 访问 如上 请在nginx配置
输入https://121.4.124.xxx/,访问成功
9. coturn服务部署(V4.5.1.3)
wget https://coturn.net/turnserver/v4.5.2/turnserver-4.5.1.3.tar.gz
tar -zxvf turnserver-4.5.1.3.tar.gz
cd turnserver-4.5.1.3/
./configure
make && make install
cd…
mkdir curncert
cd curncert
openssl req -x509 -newkey rsa:2048 -keyout /stcc/janus/turncert/turn_server_pkey.pem -out /stcc/janus/turncert/turn_server_cert.pem -days 99999 -nodes
which turnserver
cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf
vi /usr/local/etc/turnserver.conf
在文件末尾插入
下面展示一些 内联代码片
。
#与前ifconfig查到的网卡名称一致
listening-device=eth0
listening-port=3478
#tls-listening-port=5349
#内网IP
listening-ip=172.17.0.x
relay-ip=172.17.0.x
#公网IP
external-ip=121.4.124.xxx
min-port=49152
max-port=65535
cert= /stcc/janus/turncert/turn_server_cert.pem
pkey= /stcc/janus/turncert/turn_server_pkey.pem
#用户名密码
user=stcc:123456
#不开启会报CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!错误
cli-password=qwerty
lt-cred-mech
pidfile="/var/run/turnserver.pid"
turnserver -v -r 121.4.124.xxx:3478 -a -o -c /usr/local/etc/turnserver.conf
注意:如果使用的是阿里云或腾讯云的服务器,要开发对应端口的访问,关闭对应端口的防火墙
10. janus配置文件
cd /opt/janus/etc/janus
修改配置janus.jcfg
修改 janus.transport.http.jcfg 以开启 https 和增加证书
下面展示一些 内联代码片
。
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
base_path = "/janus" # Base path to bind to in the web server (plain HTTP only)
threads = "unlimited" # unlimited=thread per connection, number=thread pool
http = true # Whether to enable the plain HTTP interface
port = 8088 # Web server HTTP port
#interface = "eth0" # Whether we should bind this server to a specific interface only
#ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
https = true # Whether to enable HTTPS (default=false)
secure_port = 8089 # Web server HTTPS port, if enabled
#secure_interface = "eth0" # Whether we should bind this server to a specific interface only
#secure_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
#acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
certificates: {
cert_pem = "/home/ubuntu/cert/cert.pem"
cert_key = "/home/ubuntu/cert/key.pem"
#cert_pwd = "secretpassphrase"
#ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}
修改 janus.transport.websockets.jcfg 以开启 wss 和增加证书
如图:
# WebSockets stuff: whether they should be enabled, which ports they
# should use, and so on.
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
#pingpong_trigger = 30 # After how many seconds of idle, a PING should be sent
#pingpong_timeout = 10 # After how many seconds of not getting a PONG, a timeout should be detected
ws = true # Whether to enable the WebSockets API
ws_port = 8188 # WebSockets server port
#ws_interface = "eth0" # Whether we should bind this server to a specific interface only
#ws_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
wss = true # Whether to enable secure WebSockets
wss_port = 8989 # WebSockets server secure port, if enabled
#wss_interface = "eth0" # Whether we should bind this server to a specific interface only
#wss_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#ws_logging = "err,warn" # libwebsockets debugging level as a comma separated list of things
# to debug, supported values: err, warn, notice, info, debug, parser,
# header, ext, client, latency, user, count (plus 'none' and 'all')
#ws_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
# If you want to expose the Admin API via WebSockets as well, you need to
# specify a different server instance, as you cannot mix Janus API and
# Admin API messaging. Notice that by default the Admin API support via
# WebSockets is disabled.
admin: {
admin_ws = false # Whether to enable the Admin API WebSockets API
admin_ws_port = 7188 # Admin API WebSockets server port, if enabled
#admin_ws_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_ws_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
admin_wss = false # Whether to enable the Admin API secure WebSockets
#admin_wss_port = 7989 # Admin API WebSockets server secure port, if enabled
#admin_wss_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_wss_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address only
#admin_ws_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
# Certificate and key to use for any secure WebSocket server, if enabled (and passphrase if needed).
# You can also disable insecure protocols and ciphers by configuring the
# 'ciphers' property accordingly (no limitation by default).
# Examples of recommended cipher strings at https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html
certificates: {
cert_pem = "/stcc/janus/cert/cert.pem"
cert_key = "/stcc/janus/cert/key.pem"
#cert_pwd = "secretpassphrase"
#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}
修改 Janus demo 增加 wss 支持
如图:
11. 启动janus
/opt/janus/bin/janus --debug-level=5 --log-file=$HOME/janus-log