Problem description
I have the following setup for rfc5766-turn-server, but I am not sure yet how to enable TLS in turnserver.conf.
Any idea what is missing to make sure TLS is activated, and what other related sources are missing?
    # cat turnserver.conf
    user=root:root
    realm=x.x.x.x
    #no-tls
    #no-dtls
    syslog
    aux-server=x.x.x.x:80
    aux-server=x.x.x.x:443
Problem: When a TURN client connects to the above TURN server with the following primitives, there is an automatic TURN session close issue.
config: '{"iceServers":[{"urls":"stun:stun.l.google.com:19302"}, {"credential":"root","urls":"turn:root@XXXXX:443?transport=tcp"}], "iceTransports":"relay"}';
NOTE: 443 TCP
or
config: '{"iceServers":[{"urls":"stun:stun.l.google.com:19302"}, {"credential":"root","urls":"turn:root@XXXXX:80?transport=tcp"}], "iceTransports":"relay"}';
NOTE: 80 TCP
Recommended answer
I guess I am answering the question a bit late, hoping it will help the people who stumble upon this question later on.
I do not think you can add users in the TURN config files directly; use either a separate flat file, some DB, or part of the command for starting turnserver (or turnadmin).
Let's assume the listening IP is XXXXX and the port is PPP (from what I understand, this port can be whatever you want, irrespective of the transport being UDP or TCP, and if you are running on a port <1024 you are going to need elevated access).
Using the turnconfig file (turnconfig.conf):
    listening-ip=XXXXX
    tls-listening-port=PPP
    cert=( certificate location)
    pkey=( private key location)
    lt-cred-mech
    realm=someRealm
    log-file=/var/tmp/turn.log
    no-sslv2
    no-sslv3
The start command can be: turnserver -v -c turnconfig.conf -o -u user:root
Without a config file:
turnserver --tls-listening-port PPP -L XXXXX -r someRealm -a -o -v -n -u user:root -l '/var/tmp/turn.log' --no-sslv2 --no-sslv3
Note: if this is hosted behind NAT (usually the case with Amazon EC2), another field, external-ip, is required.
And the config (of RTCPeerConnection in the WebRTC app) is:
    config: {
      'iceServers': [
        { 'url': 'stun:stun.l.google.com:19302' },
        { 'url': 'turn:user@XXXXX:PPP?transport=udp', 'credential': 'root' },
        { 'url': 'turn:user@XXXXX:PPP?transport=tcp', 'credential': 'root' }
      ]
    };
As for generating the certificate and private key, you can use openssl:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3001 -nodes
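A client-side check to go with the server settings above, as an added example that is not part of the original question or answer: it parses the TURN URIs in an RTCPeerConnection config against the RFC 7065 grammar and reports entries that will not use TLS. The function names `parseTurnUri` and `auditIceServers` and the sample config are constructed for illustration; the default ports and transports are those of RFC 7065.

```javascript
// Added example: audit the TURN URIs in an RTCPeerConnection config.
// Per RFC 7065 only "turns:" selects TURN over TLS; "turn:" with
// transport=tcp is plain TCP regardless of the port number.
const DEFAULT_PORT = { turn: 3478, turns: 5349 };   // RFC 7065 defaults

function parseTurnUri(uri) {
  // RFC 7065: scheme ":" host [":" port] ["?transport=" ("udp"|"tcp")].
  // "user@" is outside that grammar; it is captured only to be reported.
  const re = /^(turns?):(?:([^@]*)@)?(\[[^\]]+\]|[^:?@]+)(?::(\d+))?(?:\?transport=(udp|tcp))?$/i;
  const m = re.exec(uri);
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  return {
    scheme,
    userinfo: m[2] ?? null,
    host: m[3],
    port: m[4] ? Number(m[4]) : DEFAULT_PORT[scheme],
    transport: (m[5] || (scheme === 'turns' ? 'tcp' : 'udp')).toLowerCase(),
    tls: scheme === 'turns',
  };
}

function auditIceServers(config) {
  const findings = [];
  for (const server of config.iceServers || []) {
    // Accept the current "urls" key and the legacy "url" key.
    const uris = [].concat(server.urls ?? server.url ?? []);
    for (const uri of uris) {
      if (!/^turns?:/i.test(uri)) continue;          // skip stun: entries
      const p = parseTurnUri(uri);
      if (!p) { findings.push({ uri, issue: 'unparseable' }); continue; }
      if (!p.tls) findings.push({ uri, issue: 'not-tls' });
      if (p.userinfo !== null) findings.push({ uri, issue: 'userinfo-in-uri' });
    }
  }
  return findings;
}

// Constructed sample, modelled on the configs shown on this page.
const sample = {
  iceServers: [
    { urls: 'stun:stun.l.google.com:19302' },
    { urls: 'turn:root@XXXXX:443?transport=tcp', credential: 'root' },
    { urls: 'turns:XXXXX:443?transport=tcp', username: 'user', credential: 'root' },
  ],
};
console.log(auditIceServers(sample));
```

An entry reported as `not-tls` reaches the server over plain TCP or UDP even when its port matches `tls-listening-port`; a TLS session is requested with the `turns:` scheme and the user name passed in the `username` field.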