Discuz! Board

标题: 严格按照戴维营的https方法，搭建一边apprtc服务器 [打印本页]

---

作者: zangcf    时间: 2016-8-6 16:15
标题: 严格按照戴维营的https方法，搭建一边apprtc服务器
网址：
http://www.jianshu.com/p/5431a7066f47

---

作者: zangcf    时间: 2016-8-6 16:31
标题: 环境准备和代码下载
在Ubuntu Linux 版本服务器上创建新用户apprtc,设置密码,并安装必要的软件包:
useradd -m apprtc
passwd apprtc
apt-get install openjdk-7-jdk
apt-get install python-webtest

mkdir apprtc_root
cd apprtc_root
git clone https://github.com/webrtc/apprtc.git

---

作者: zangcf    时间: 2016-8-6 17:29
标题: 安装NodeJS和grunt


安装NodeJS和grunt
=========================
apt-get install nodejs
npm install -g npm

apt-get install nodejs-legacy

npm -g install grunt-cli

---

作者: zangcf    时间: 2016-8-8 05:44
标题: 3. 安装apprtc代码中的grunt依赖:


执行下面命令:

1. npm install然后再执行下面命令编译出apprtc这个GAE app.
   
2. $ grunt build编译完成后,输出将放在~/apprtc_root/out目录下的app_engine目录
   
3. 
   
4. 当然到这一步还没完,还需要配置constant.py服务器参数,
   
5. ICE_SERVER_BASE_URL = 'https://api.diveinedu.com'ICE_SERVER_URL_TEMPLATE = '%s/apprtc/iceconfig.php?key=%s'ICE_SERVER_API_KEY = os.environ.get('ICE_SERVER_API_KEY')然后把下面命令放到一个脚本文件$HOME/start_apprtc.sh中:
   
6. export PATH=$PATH:$HOME/google_appengineexport APPRTC_APP=$HOME/apprtc_root/out/app_engine/export HOST="--host=0.0.0.0"export ICE_SERVER_API_KEY="AIzaSyAJdh2HkajseEIltlZ3SIXO02Tze9sO3NY"dev_appserver.py $HOST $APPRTC_APP以后都只需要执行该脚本文件就可以启动会话房间服务:
   
7. $ $HOME/start_apprtc.sh打开浏览器,访问服务器<a href="http://apprtc.diveinedu.com:8080" target="_blank">http://apprtc.diveinedu.com:8080</a>  ,就可以打开了.
   
8. 
   
9. 
   
10. ===================
    
11. 上面的配置有两个问题，第一，没有dev_appserver.py的环境
    
12. 第二，ICE_SERVER_API_KEY需要后面确定
    

复制代码

准备包：google_appengine_1.9.35.zip解压缩，然后加入执行环境

1. export PATH=$PATH:$HOME/google_appengine
   
2. echo "export PATH=$PATH:$HOME/google_appengine" >> $HOME/.profile

复制代码

如果使用上面的脚本，上面准备环境步奏可以不要，因为sh脚本已经做了这个工作

---

作者: zangcf    时间: 2016-8-8 06:16
标题: 配置Nginx反向代理服务器


配置Nginx反向代理服务器,提供默认HTTPS的访问, 新建Nginx虚拟主机配置文件,反向代理到8080端口

安装nginx的方法：

1. apt-get install nginx

复制代码

配置/etc/nginx/site-available/apprtc.91xuepai.com

1. #/etc/nginx/sites-enabled/apprtc.diveinedu.com
   
2. upstream roomserver {
   
3.         server localhost:8080;
   
4. }      
   
5. }
   
6. 
   
7. 
   
8. server {
   
9.         listen 80 ;
   
10.         server_name apprtc.91xuepai.com;
    
11.         return  301 https://$server_name$request_uri;
    
12. }
    
13. 
    
14. server {
    
15.         listen 443 ;
    
16.         ssl on;
    
17.         ssl_certificate      /etc/nginx/apprtc.91xuepai.com.crt;
    
18.         ssl_certificate_key  /etc/nginx/apprtc.91xuepai.com.key;
    
19. 
    
20.         server_name apprtc.diveinedu.com;
    
21.         access_log  /var/log/nginx/apprtc.91xuepai.com.log;
    
22.         location / {
    
23.                 proxy_pass http://roomserver$request_uri;
    
24.                 proxy_set_header Host $host;
    
25.         }
    
26. 
    
27. }
    

复制代码

注意，要把这个站点配置文件link到site-enable

1. root@iZ949sqo4m3Z:/etc/nginx/sites-available# ln -s ../sites-available/apprtc.91xuepai.com ./apprtc.91xuepai.com
   

复制代码

最后，准备key和crt文件
使用simplewebrtc的信令服务器来准备这两个文件：

1. root@iZ949sqo4m3Z:~# cd singalserver/
   
2. root@iZ949sqo4m3Z:~/singalserver# ls
   
3. signalmaster-master  signalmaster-master.zip  test
   
4. root@iZ949sqo4m3Z:~/singalserver# cd signalmaster-master/
   
5. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master# ls
   
6. config      LICENSE       package.json  README.md  server.js   test.js
   
7. Dockerfile  node_modules  Procfile      scripts    sockets.js
   
8. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master# cd config/
   
9. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config# ls
   
10. development.json  production.json
    
11. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config# cd ..
    
12. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master# ls
    
13. config      LICENSE       package.json  README.md  server.js   test.js
    
14. Dockerfile  node_modules  Procfile      scripts    sockets.js
    
15. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master# cd ..
    
16. root@iZ949sqo4m3Z:~/singalserver# ls
    
17. signalmaster-master  signalmaster-master.zip  test
    
18. root@iZ949sqo4m3Z:~/singalserver# cd test/
    
19. root@iZ949sqo4m3Z:~/singalserver/test# ls
    
20. config      LICENSE       package.json  README.md  server.js   test.js
    
21. Dockerfile  node_modules  Procfile      scripts    sockets.js
    
22. root@iZ949sqo4m3Z:~/singalserver/test# cd..
    
23. cd..: command not found
    
24. root@iZ949sqo4m3Z:~/singalserver/test# ls
    
25. config      LICENSE       package.json  README.md  server.js   test.js
    
26. Dockerfile  node_modules  Procfile      scripts    sockets.js
    
27. root@iZ949sqo4m3Z:~/singalserver/test# ls
    
28. config      LICENSE       package.json  README.md  server.js   test.js
    
29. Dockerfile  node_modules  Procfile      scripts    sockets.js
    
30. root@iZ949sqo4m3Z:~/singalserver/test# cd ..
    
31. root@iZ949sqo4m3Z:~/singalserver# ls
    
32. signalmaster-master  signalmaster-master.zip  test
    
33. root@iZ949sqo4m3Z:~/singalserver# cd signalmaster-master/
    
34. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master# ./scripts/generate-ssl-certs.sh
    
35. Generating self-signed certificates...
    
36. Generating RSA private key, 1024 bit long modulus
    
37. ...........++++++
    
38. ......++++++
    
39. e is 65537 (0x10001)
    
40. You are about to be asked to enter information that will be incorporated
    
41. into your certificate request.
    
42. What you are about to enter is what is called a Distinguished Name or a DN.
    
43. There are quite a few fields but you can leave some blank
    
44. For some fields there will be a default value,
    
45. If you enter '.', the field will be left blank.
    
46. -----
    
47. Country Name (2 letter code) [AU]:CN
    
48. State or Province Name (full name) [Some-State]:GD
    
49. Locality Name (eg, city) []:SZ
    
50. Organization Name (eg, company) [Internet Widgits Pty Ltd]:91xuepai
    
51. Organizational Unit Name (eg, section) []:91xuepai
    
52. Common Name (e.g. server FQDN or YOUR name) []:91xuepai
    
53. Email Address []:710833814@qq.com
    
54. 
    
55. Please enter the following 'extra' attributes
    
56. to be sent with your certificate request
    
57. A challenge password []:123456
    
58. An optional company name []:123456
    
59. Signature ok
    
60. subject=/C=CN/ST=GD/L=SZ/O=91xuepai/OU=91xuepai/CN=91xuepai/emailAddress=710833814@qq.com
    
61. Getting Private key
    
62. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master# ls
    
63. config      LICENSE       package.json  README.md  server.js   test.js
    
64. Dockerfile  node_modules  Procfile      scripts    sockets.js
    
65. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master# cd config/
    
66. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config# ls
    
67. development.json  production.json  sslcerts
    
68. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config# cd sslcerts/
    
69. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config/sslcerts# ls
    
70. cert.pem  key.pem
    
71. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config/sslcerts# cp key.pem
    

复制代码

然后copy到指定目录：

1. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config/sslcerts# cp key.pem  /etc/nginx/apprtc.91xuepai.com.key
   
2. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config/sslcerts# cp cert.pem /etc/nginx/apprtc.91xuepai.com.crt
   
3. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config/sslcerts#
   

复制代码

最后，重启nginx

1. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config/sslcerts# service nginx reload
   
2. * Reloading nginx configuration nginx
   
3.    ...done.
   
4. root@iZ949sqo4m3Z:~/singalserver/signalmaster-master/config/sslcerts#
   

复制代码

---

作者: zangcf    时间: 2016-8-8 07:40
标题: 准备信令服务器


这个配置比较复杂，主要牵扯到云端服务器能否翻墙的问题：
========================================================
1，首先找一个本地的ubuntu桌面系统，保证可以使用翻墙工具
2，下载go程序:进入网站下载 http://www.golangtc.com/download
go1.6.2.linux-amd64.tar.gz
3，安装go环境
解压缩

1. <font color="#333333">tar xzvf </font><font color="#333333">go1.6.2.linux-amd64.tar.gz</font>

复制代码

将生成一个go的目录，使用su的权限

1. <div class="blockcode"><blockquote>root@iZ949sqo4m3Z:~# mv go /usr/local/
   
2. root@iZ949sqo4m3Z:~# vi .profile
   
3. # ~/.profile: executed by Bourne-compatible login shells.
   
4. 
   
5. if [ "$BASH" ]; then
   
6.   if [ -f ~/.bashrc ]; then
   
7.     . ~/.bashrc
   
8.   fi
   
9. fi
   
10. export GOROOT="/usr/local/go"
    
11. export GOPATH="$HOME/collider_root"
    
12. 
    
13. export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/ga
    
14. mes:/usr/local/games:/root/google_appengine:/root/google_appengine::$GOROOT/bin
    
15. 
    
16. mesg n
    
17. ~
    
18. ~
    
19. ~
    
20. ~
    
21. ~
    
22. ~
    
23. ~
    
24. ~
    
25. ~
    
26. ".profile" 13L, 367C written                                 
    
27. root@iZ949sqo4m3Z:~# source .profile
    
28. root@iZ949sqo4m3Z:~# mkdir collider_root
    
29. root@iZ949sqo4m3Z:~# cd collider_root/
    
30. root@iZ949sqo4m3Z:~/collider_root# mkdir src
    
31. root@iZ949sqo4m3Z:~/collider_root# cd src/
    
32. root@iZ949sqo4m3Z:~/collider_root/src# echo $GOPATH
    
33. /root/collider_root
    
34. root@iZ949sqo4m3Z:~/collider_root/src# cp $HOME/apprtc_root/src/collider/collider ./
    
35. cp: omitting directory ?root/apprtc_root/src/collider/collider?
    
36. root@iZ949sqo4m3Z:~/collider_root/src# cp -r $HOME/apprtc_root/src/collider/collider ./
    
37. root@iZ949sqo4m3Z:~/collider_root/src# cp -r $HOME/apprtc_root/src/collider/collidermain ./
    
38. root@iZ949sqo4m3Z:~/collider_root/src# $HOME/apprtc_root/src/collider/collidertest
    
39. -bash: /root/apprtc_root/src/collider/collidertest: Is a directory
    
40. root@iZ949sqo4m3Z:~/collider_root/src# vi $GOPATH/src/collidermain/main.go
    
41. // Copyright (c) 2014 The WebRTC project authors. All Rights Reserved.
    
42. // Use of this source code is governed by a BSD-style license
    
43. // that can be found in the LICENSE file in the root of the source
    
44. // tree.
    
45. 
    
46. package main
    
47. 
    
48. import (
    
49.         "collider"
    
50.         "flag"
    
51.         "log"
    
52. )
    
53. 
    
54. var tls = flag.Bool("tls", true, "whether TLS is used")
    
55. var port = flag.Int("port", 443, "The TCP port that the server listens on")
    
56. var roomSrv = flag.String("room-server", "https://120.76.203.222", "The origin of the room server")
    
57. 
    
58. func main() {
    
59.         flag.Parse()
    
60. 
    
61.         log.Printf("Starting collider: tls = %t, port = %d, room-server=%s", *tls, *port, *roomSrv)
    
62. "collidermain/main.go" 25L, 678C written                     
    
63. root@iZ949sqo4m3Z:~/collider_root/src# vi $GOPATH/src/collider/collider.go
    
64. // Copyright (c) 2014 The WebRTC project authors. All Rights Reserved.
    
65. // Use of this source code is governed by a BSD-style license
    
66. // that can be found in the LICENSE file in the root of the source
    
67. // tree.
    
68. 
    
69. // Package collider implements a signaling server based on WebSocket.
    
70. package collider
    
71. 
    
72. import (
    
73.         "crypto/tls"
    
74.         "golang.org/x/net/websocket"
    
75.         "encoding/json"
    
76.         "errors"
    
77.         "io"
    
78.         "io/ioutil"
    
79.         "log"
    
80.         "net/http"
    
81.         "strconv"
    
82.         "strings"
    
83.         "time"
    
84. )
    
85. 
    
86. const registerTimeoutSec = 10
    
87. /ListenAndServeTLS
    
88.                                 tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    
89.                                 tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    
90.                                 tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    
91.                                 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    
92.                                 tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    
93.                         },
    
94.                         PreferServerCipherSuites: true,
    
95.                 }
    
96.                 server := &http.Server{ Addr: pstr, Handler: nil, TLSConfig: config }
    
97. 
    
98.                 e = server.ListenAndServeTLS("/etc/nginx/apprtc.91xuepai.com.crt
    
99. ", "/etc/nginx/apprtc.91xuepai.com.key")
    
100.         } else {
     
101.                 e = http.ListenAndServe(pstr, nil)
     
102.         }
     
103. 
     
104.         if e != nil {
     
105.                 log.Fatal("Run: " + e.Error())
     
106.         }
     
107. }
     
108. 
     
109. // httpStatusHandler is a HTTP handler that handles GET requests to get the
     
110. "collider/collider.go" 215L, 6275C written                    
     
111. root@iZ949sqo4m3Z:~/collider_root/src#
     

复制代码

10，然后重复上面：

1. go get collidermain
   
2. go install collidermain

复制代码

11，运行信令服务器：

1. $GOPATH/bin/collidermain -port=8089 -tls=true

复制代码

如何测试信令服务器是否可以工作呢？

---

作者: zangcf    时间: 2016-8-8 08:23
标题: 准备隧道服务器
1，准备编译环境和安装相应库

1. apt-get install build-essential
   
2. apt-get install -y libssl-dev libevent-dev libpq-dev mysql-client libmysqlclient-dev libhiredis-dev

复制代码

2，下载程序，编译安装：
准备文件，turnserver-3.2.3.95.tar.gz解压缩

1. ./configure
   
2. make
   
3. sudo make install

复制代码

3, 配置

---

作者: zangcf    时间: 2016-8-9 18:26
标题: 对于turnserver，我决定还是按照戴维营的思路去搭建


对于turnserver，我决定还是按照戴维营的思路去搭建
第一步，删除原来的turnserver

1. root@iZ949sqo4m3Z:~/turnserver-3.2.3.95# make uninstall
   
2. pkill turnserver || echo OK
   
3. OK
   
4. rm -rf /usr/local/share/doc/turnserver
   
5. rm -rf /usr/local/share/turnserver
   
6. rm -rf /usr/local/bin/turnserver
   
7. rm -rf /usr/local/bin/turnadmin
   
8. rm -rf /usr/local/bin/turnutils_peer
   
9. rm -rf /usr/local/bin/turnutils_uclient
   
10. rm -rf /usr/local/bin/turnutils_stunclient
    
11. rm -rf /usr/local/man/man1/turnserver.1
    
12. rm -rf /usr/local/man/man1/turnadmin.1
    
13. rm -rf /usr/local/man/man1/turnutils.1
    
14. rm -rf /usr/local/man/man1/turnutils_uclient.1
    
15. rm -rf /usr/local/man/man1/turnutils_stunclient.1
    
16. rm -rf /usr/local/man/man1/turnutils_peer.1
    
17. rm -rf /usr/local/man/man1/rfc5766-turn-server.1
    
18. rm -rf /usr/local/lib/libturnclient.a
    
19. rm -rf /usr/local/share/examples/turnserver/
    
20. rm -rf /usr/local/etc/turnserver.conf.default
    
21. rm -rf /usr/local/etc/turnuserdb.conf.default
    

复制代码

下载安装包

1. tar xzvf turnserver-4.4.1.2-debian-wheezy-ubuntu-mint-x86-64bits.tar.gz

复制代码

使用dpkg安装

1. dpkg -i coturn_4.4.1.2-1_amd64.deb

复制代码

修改coturn的配置文件：

1. root@iZ949sqo4m3Z:/etc/default# vi coturn

复制代码

1. root@iZ949sqo4m3Z:/etc/default# vi coturn
   
2. #
   
3. # Uncomment it if you want to have the turnserver running as
   
4. # an automatic system service daemon
   
5. #
   
6. TURNSERVER_ENABLED=1
   

复制代码

生成user的密码：

1. root@iZ949sqo4m3Z:~# turnadmin -k -u 91xuepai -p 91xuepai
   
2. 0x35a8061d1c85cd9f367d6dae569710ba
   
3. root@iZ949sqo4m3Z:~#
   

复制代码

修改配置文件/etc/turnserver.conf

---

作者: zangcf    时间: 2016-8-9 19:23
标题: RE: 严格按照戴维营的https方法，搭建一边apprtc服务器
再次修改apprtc的constants.py文件

1. This module contains the constants used in AppRTC Python modules.
   
2. """
   
3. import os
   
4. 
   
5. ROOM_MEMCACHE_EXPIRATION_SEC = 60 * 60 * 24
   
6. MEMCACHE_RETRY_LIMIT = 100
   
7. 
   
8. LOOPBACK_CLIENT_ID = 'LOOPBACK_CLIENT_ID'
   
9. 
   
10. # TODO: Remove once clients support ICE_SERVER.
    
11. TURN_BASE_URL = 'https://120.76.203.222'
    
12. TURN_URL_TEMPLATE = '%s/turn.php?username=%s&key=%s'
    
13. CEOD_KEY = '91xuepai'
    
14. 
    
15. ICE_SERVER_BASE_URL = 'https://120.76.203.222'
    
16. ICE_SERVER_URL_TEMPLATE = '%s/apprtc/iceconfig.php?key=%s'
    
17. #ICE_SERVER_URL_TEMPLATE = '%s/turn.php?username=%s&key=%s'
    
18. ICE_SERVER_API_KEY = os.environ.get('ICE_SERVER_API_KEY')
    

复制代码

turn的配置和ICE的配置关系是什么样子？是都配置呢？还是二选一的配置呢？

---

作者: zangcf    时间: 2016-8-9 19:46
下面启动服务器：
第一，nginx启动
按照我的判断nginx应该是自动启动的，可以查看80端口的占用情况可知。

1. root@iZ949sqo4m3Z:~/apprtc_root/src/app_engine# netstat -apn | grep 80
   
2. tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      906/nginx      
   
3. tcp        0      0 120.76.203.222:51209    140.205.140.205:80      ESTABLISHED 1039/AliYunDun  
   
4. tcp6       0      0 :::80                   :::*                    LISTEN      906/nginx      
   
5. unix  2      [ ACC ]     STREAM     LISTENING     8680     1039/AliYunDun      /tmp/Aegis-<Guid(5A2C30A2-A87D-490A-9281-6765EDAD7CBA)>
   
6. root@iZ949sqo4m3Z:~/apprtc_root/src/app_engine#
   

复制代码

确实如此

第二步，启动隧道服务器

1. service coturn start;

复制代码

第三步，启动信令服务器
因为上面修改过信令服务器，所以需要重新安装：

1. root@iZ949sqo4m3Z:~/apprtc_root/src/app_engine# go get collidermain
   
2. root@iZ949sqo4m3Z:~/apprtc_root/src/app_engine# go install collidermain
   

复制代码

然后再运行：

1. root@iZ949sqo4m3Z:~/apprtc_root/src/app_engine# $GOPATH/bin/collidermain -port=8089 -tls=true
   
2. 2016/08/09 19:33:22 Starting collider: tls = true, port = 8089, room-server=https://120.76.203.222
   
3. 2016/08/09 19:33:22 Run: http2: TLSConfig.CipherSuites index 4 contains an HTTP/2-approved cipher suite (0xc030), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.
   

复制代码

第四步，运行房间服务器
这个配置还是有问题，看样子，我还得再次重来一遍

---

欢迎光临 Discuz! Board (http://47.89.242.157:9000/bbs/discuz/)

Powered by Discuz! X3.2