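coturn Deployment Guide - housekeeper-software/tech GitHub Wiki
Overview
We deploy in containers, with Redis as the authentication database. First, install Docker and docker-compose.
The rumor about needing dual IPs
Google says:
Although CHANGE REQUEST is not a complicated feature, implementing it in combination with a TURN server has its own challenges. This project is about a TURN server, and historically that was the main goal. The STUN part was added later, and although it works well, the project's architecture is better suited to TURN, and STUN does not have priority. So we decided not to support STUN CHANGE REQUEST together with the external-ip option, because it leads to unnatural complications and is simply not worth it. Maybe later we will figure out how to support this combination without major complications.
So we do not need dual IPs!
Generate the key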
openssl req -x509 -newkey rsa:2048 -keyout /build/coturn/ssl/turn_server_pkey.pem -out /build/coturn/ssl/turn_server_cert.pem -days 99999 -nodes
coturn configuration
# TURN server name and realm
realm=${domain name}
server-name=turnserver
# Use fingerprint in TURN message
fingerprint
# IPs the TURN server listens to
listening-ip=${private ip}
relay-ip=${private ip}
# External IP-Address of the TURN server
external-ip=${public ip}/${private ip}
# Main listening port
listening-port=3478
tls-listening-port=5349
# Further ports that are open for communication
min-port=50000
max-port=65535
cli-password=${any password you choose}
stale-nonce
# Log file path
log-file=/var/log/turnserver.log
# Enable verbose logging
verbose
simple-log
# Specify the user for the TURN authentication
#user=test:test123
# Enable long-term credential mechanism
lt-cred-mech
no-multicast-peers
web-admin
web-admin-ip=${local ip}
web-admin-port=8080
cert=/etc/ssl/turn_server_cert.pem
pkey=/etc/ssl/turn_server_pkey.pem
redis-userdb="ip=${redis ip} dbname=${db index} password=${redis password} connect_timeout=30"
docker-compose
version: "3"
services:
  redis:
    image: redis:latest
    container_name: redis
    restart: always
    privileged: true
    command:
      --requirepass "redis password"
    ports:
      - 6379:6379
    volumes:
      - /build/coturn/redis/conf:/etc/redis
      - /build/coturn/redis/data:/data
      - /etc/localtime:/etc/localtime
    environment:
      - "TZ=Asia/Shanghai"
    network_mode: "host"
  coturn:
    image: coturn/coturn:latest
    container_name: coturn
    restart: always
    privileged: true
    user: root:root
    volumes:
      - /build/coturn/coturn/conf/turnserver.conf:/etc/coturn/turnserver.conf
      - /build/coturn/coturn/ssl:/etc/ssl
      - /etc/localtime:/etc/localtime
    network_mode: "host"