First, environment preparation:
Node.js environment:
Fetch the Node.js repository setup script:
curl --silent --location https://rpm.nodesource.com/setup_5.x | bash -
Replace 5.x with the version you need to install, then run:
yum install -y nodejs
Python and JDK environments:
List the Java packages available in the yum repository:
yum -y list java*
Find the package that matches your system and install it:
yum -y install java-1.8.0-openjdk-devel.x86_64
yum install python python-requests
Second, install Google App Engine SDK for Python
1. Download from https://cloud.google.com/sdk/docs/#linux, choosing the version that matches your system, for example:
https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-208.0.0-linux-x86_64.tar.gz
2. Extract it to the target directory:
sudo tar zxvf google-cloud-sdk-208.0.0-linux-x86_64.tar.gz
sudo chmod 777 -R /google-cloud-sdk
- Configuration
sudo vi /etc/profile
Add the SDK bin directory to the PATH variable:
export PATH=$PATH:/root/webrtc/google-cloud-sdk/bin
Third, Room server deployment:
Download the apprtc source:
git clone https://github.com/webrtc/apprtc.git
cd apprtc/
npm i -g grunt-cli
npm install
The files to modify are primarily apprtc.py and constants.py under the src/app_engine directory.
After each change to files under src/app_engine, run grunt build to rebuild.
You can also edit apprtc.py and constants.py in the out/app_engine directory directly to avoid rebuilding.
Modify constants.py. TURN_BASE_URL must be set to the IP address of the machine (note: using localhost causes errors):
#TURN_BASE_URL = 'https://computeengineondemand.appspot.com'
TURN_BASE_URL = 'http://10.10.29.56:8080'
TURN_URL_TEMPLATE = '%s/turn?username=%s&key=%s'
#CEOD_KEY = '4080218913'
CEOD_KEY = '1234'
ICE_SERVER_BASE_URL = 'http://10.10.29.56:8080'
ICE_SERVER_URL_TEMPLATE = '%s/v1alpha/iceconfig?key=%s'
ICE_SERVER_API_KEY = os.environ.get('ICE_SERVER_API_KEY')
WSS_INSTANCES = [{
    #WSS_INSTANCE_HOST_KEY: 'apprtc-ws.webrtc.org:443',
    WSS_INSTANCE_HOST_KEY: '10.10.29.56:8089',
    WSS_INSTANCE_NAME_KEY: 'wsserver-std',
    WSS_INSTANCE_ZONE_KEY: 'us-central1-a'
}, {
    #WSS_INSTANCE_HOST_KEY: 'apprtc-ws-2.webrtc.org:443',
    WSS_INSTANCE_HOST_KEY: '10.10.29.56:8089',
    WSS_INSTANCE_NAME_KEY: 'wsserver-std-2',
    WSS_INSTANCE_ZONE_KEY: 'us-central1-f'
}]
Modify apprtc.py:
if wss_tls and wss_tls == 'false':
    wss_url = 'ws://' + wss_host_port_pair + '/ws'
    wss_post_url = 'http://' + wss_host_port_pair
else:
    #wss_url = 'wss://' + wss_host_port_pair + '/ws'
    wss_url = 'ws://' + wss_host_port_pair + '/ws'
    #wss_post_url = 'https://' + wss_host_port_pair
    wss_post_url = 'http://' + wss_host_port_pair

def make_pc_config(ice_transports):
    config = {
        'iceServers': [],
        #'iceServers': [{"urls":"stun:10.10.29.56"},{"urls":"turn:lin@10.10.29.56","credential":"1234"}],
        'bundlePolicy': 'max-bundle',
        'rtcpMuxPolicy': 'require'
    };
    if ice_transports:
        config['iceTransports'] = ice_transports
    return config
This changes the original wss and https schemes to ws and http, so the client or browser does not use SSL connections and the signaling traffic travels unencrypted. If you have a certificate issued by a signing authority with a third-party root certificate, you can skip this change.
Re-execute after modification:
grunt build
Fourth, install the Go environment
Download the Go installation package and extract it:
wget https://storage.googleapis.com/golang/go1.9.2.linux-amd64.tar.gz --no-check-certificate
tar xvf go1.9.2.linux-amd64.tar.gz
(You can choose a newer version, or install the Go environment some other way.)
sudo mv go /usr/lib
Edit /etc/profile (or another environment profile, according to your own needs) and add two lines at the end of the file:
export GOROOT=/usr/lib/go
export PATH=$PATH:$GOROOT/bin
Save, exit, and run:
source /etc/profile
Fifth, configure the signaling server
- Create a new directory (collider_root) to hold the collider Go code from apprtc.
sudo mkdir -p /root/webrtc/collider_root
sudo mkdir /root/webrtc/collider_root/src
sudo chmod 777 -R /root/webrtc/collider_root
- Add to /etc/profile:
export GOPATH=/root/webrtc/collider_root
export PATH=$PATH:$GOPATH/bin
- Create the links (you can also copy collider, collidermain and collidertest from the /root/apprtc/src/collider/ directory directly into the ~/collider_root/src directory):
ln -sf ~/apprtc-master/src/collider/collider $GOPATH/src/
ln -sf ~/apprtc-master/src/collider/collidermain $GOPATH/src/
ln -sf ~/apprtc-master/src/collider/collidertest $GOPATH/src/
- Edit $GOPATH/src/collidermain/main.go and point the room server at the room server deployed earlier:
//var roomSrv = flag.String("room-server", "https://appr.tc", "The origin of the room server")
var roomSrv = flag.String("room-server", "http://10.10.29.56:7000", "The origin of the room server")
- Edit $GOPATH/src/collider/collider.go to set the HTTPS certificate files required by the signaling server. Locate the following line, comment it out, and replace it as shown:
//e = server.ListenAndServeTLS("/cert/cert.pem", "/cert/key.pem")
e = server.ListenAndServeTLS("/etc/nginx/apprtc.diveinedu.com.crt", "/etc/nginx/apprtc.diveinedu.com.key")
- Install the signaling server dependencies and collidermain
go get collidermain
go install collidermain
If the go get collidermain command fails (because of HTTPS access problems), use the following more laborious method:
Download the package yourself: https://www.golangtc.com/static/download/packages/golang.org.x.net.tar.gz
Then extract it into the /opt/webrtc/collider_root/src directory:
tar xvf golang.org.x.net.tar.gz
mv golang.org /opt/webrtc/collider_root/src
cd $GOPATH/src
go install golang.org/x/net/websocket/
go get collidermain
go install collidermain
- Run
/opt/webrtc/collider_root/bin/collidermain -port=7001 -tls=false
Sixth, build the STUN/TURN/ICE server
- Install the build dependencies
yum install openssl-devel
yum install libevent2
yum install libevent-devel
yum install sqlite
yum install sqlite-devel
yum install postgresql-devel
yum install postgresql-server
yum install mysql-devel
yum install mysql-server
yum install hiredis
yum install hiredis-devel
or
sudo apt-get install libssl-dev libevent-dev
- Download the source code (read the INSTALL installation manual)
git clone https://github.com/coturn/coturn
cd coturn
./configure
make
make install
or
cd /home/thf/Projects
wget http://turnserver.open-sys.org/downloads/v4.5.0.7/turnserver-4.5.0.7.tar.gz
tar xvfz turnserver-4.5.0.7.tar.gz
- Compile and install
cd coturn
./configure
make
sudo make install
- Coturn configuration
a) The examples/etc directory of the coturn source provides default coturn configuration files for our use; we need to copy each of the three configuration files that turnserver requires:
First, create a directory under /etc to hold the turnserver configuration:
sudo mkdir /etc/turnserver/
Note: this step is optional, because turnserver can be pointed at a configuration file in any directory when it starts.
b) Copy the conf configuration file
Enter the coturn directory:
cd coturn
sudo cp ./examples/etc/turnserver.conf /etc/turnserver/
Note: every option in this configuration file under the examples directory is documented, so you can see what each parameter means. You can also create this configuration file yourself and paste in the content from the later sections.
c) Copy the pem key files
To keep things clearly separated, we also copy the *.pem key files to the /etc/turnserver/ directory (they can also be generated with the openssl command; here we take a shortcut and use the defaults). These example keys are published with the coturn source, so generate your own for anything beyond a test setup:
sudo cp ./examples/etc/turn_server_*.pem /etc/turnserver/
The key files copied here will be referenced in the turnserver.conf configuration file from the previous step.
d) Create a coturn user (optional)
Run a simple turnadmin command with the user name, password and realm to add the account to coturn's database, as follows:
sudo turnadmin -a -u <user name> -p <password> -r <domain>
After it succeeds, turnadmin -l lists the newly created user name and realm:
sudo turnadmin -a -u thf -p 123456 -r thf.com
turnadmin -l
thf[thf.com] indicates a successful creation!
In fact, the password and realm we specify here do not matter for now, because later, when we start turnserver, we can give it a fixed realm and password through the relevant parameters.
e) Configure turnserver.conf
Recommendation: back up the turnserver.conf file copied earlier, create a new turnserver.conf file, and paste in the following content:
# Log output level; starting turnserver with -v gives clearer log output
verbose
# Message verification; WebRTC messages use it
fingerprint
# WebRTC relaying through TURN must use the long-term credential mechanism
lt-cred-mech
# Required for ICE REST API authentication
use-auth-secret
# Key required for REST API encryption
# Here we use the "static" key, Google.
static-auth-secret=1234
# User login realm. The value below need not be changed, because it can be overridden with a parameter when turnserver starts
realm=< fill in your own domain name >
# Provides more secure access to the TURN service
stale-nonce
# SSL needs a certificate and key, generated with:
# sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes
listening-ip=192.168.164.128
listening-port=3478
tls-listening-port=7002
relay-ip=192.168.164.128
# External (public) IP
external-ip=192.168.164.128
relay-threads=50
use-auth-secret
static-auth-secret=1234
user=lin:0x7e3a2ed35d3cf7f19e2f8b015a186f54
# 0x7e3a2ed35d3cf7f19e2f8b015a186f54 is generated with: turnadmin -k -u lin -r north.gov -p Lin
#   -k generates a long-term credential key
#   -u is the user name
#   -p is the password
#   -r is the realm (the setting of this value may have an effect)
user=xml:1234
userdb=/etc/turnuserdb.conf
max-bps=1000000
cert=/etc/turnserver/turn_server_cert.pem
pkey=/etc/turnserver/turn_server_pkey.pem
max-bps=102400
pidfile="/var/run/turnserver.pid"
log-file=/home/thf/projects/turnserver-4.5.0.7/turn.log
# Block relaying to loopback and multicast IP addresses
no-loopback-peers
no-multicast-peers
# Enable Mobility ICE support (not understood)
mobility
# Disable the local telnet CLI management interface
no-cli
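A small audit of the security-relevant lines in the configuration above, as an added example that is not part of the original post. The function names, the 32-character threshold and the list of single-valued options are assumptions made for this sketch; the sample lines are constructed from the configuration shown.

```javascript
// Added example, not from the original post. MIN_SECRET_LEN is an assumed threshold.
const MIN_SECRET_LEN = 32
// Options treated here as single-valued (assumed list for this sketch).
const SINGLE = new Set(['max-bps', 'realm', 'listening-port', 'tls-listening-port', 'cert', 'pkey'])

// Constructed sample: security-relevant lines taken from the configuration above.
const SAMPLE_CONF = [
  'use-auth-secret',
  'static-auth-secret=1234',
  'user=lin:0x7e3a2ed35d3cf7f19e2f8b015a186f54',
  'user=xml:1234',
  'max-bps=1000000',
  'max-bps=102400'
].join('\n')

// Parse "key" and "key=value" lines, skipping blanks and # comments.
function parseConf (text) {
  const entries = []
  text.split('\n').forEach(function (raw, i) {
    const line = raw.trim()
    if (line === '' || line.startsWith('#')) return
    const eq = line.indexOf('=')
    entries.push({
      line: i + 1,
      key: (eq < 0 ? line : line.slice(0, eq)).trim(),
      value: eq < 0 ? '' : line.slice(eq + 1).trim()
    })
  })
  return entries
}

function auditConf (text) {
  const findings = []
  const seen = new Map()
  for (const e of parseConf(text)) {
    if (e.key === 'static-auth-secret' && e.value.length < MIN_SECRET_LEN) {
      findings.push({ line: e.line, issue: 'static-auth-secret is short enough to guess' })
    }
    // user=name:0x<32 hex digits> stores a derived key; anything else is a clear-text password
    if (e.key === 'user' && !/^[^:]+:0x[0-9a-fA-F]{32}$/.test(e.value)) {
      findings.push({ line: e.line, issue: 'user entry holds a clear-text password' })
    }
    // a repeated single-valued option with a different value leaves the effective one unclear
    if (SINGLE.has(e.key) && seen.has(e.key) && seen.get(e.key) !== e.value) {
      findings.push({ line: e.line, issue: 'conflicting duplicate of ' + e.key })
    }
    seen.set(e.key, e.value)
  }
  return findings
}
```

Calling auditConf(SAMPLE_CONF) reports the four-character secret, the user=xml:1234 entry and the second max-bps line.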
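- Start turnserver
With turnserver in place, peers by default relay their media streams through TURN for audio and video calls. One key point is that coturn needs to be deployed on a server (on the public network) that is connected to two networks at once, for example NIC 1: public network, NIC 2: private network (not needed for now), and both networks must be reachable. Otherwise, as soon as the two peers start to connect, turnserver reports an Allocation timeout error. The cause still has to be analysed by tracing the code and is not yet clear. turnserver can be started with the following command:
turnserver -v -L 192.168.164.128 -a -f -r 192.168.164.128 -c /etc/turnserver/turnserver.conf
In the command above: -v sets the log output level; -L specifies the NIC IP address to bind to; -a selects the long-term credential mechanism, which TURN relay mode requires; -f makes TURN messages use fingerprint; -r specifies the realm, overriding the setting in turnserver.conf; -c specifies the configuration file path.
Use https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice to check that the hole-punching server works.
Seventh, fixing the requests installation problem in grunt build: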
sudo pip uninstall requests
sudo pip uninstall urllib3
sudo yum remove python-urllib3
sudo yum remove python-requests
sudo yum install python-urllib3
sudo yum install python-requests
Eighth, set up the Nginx reverse proxy
yum install php
location / {
    #root html;
    #index testssl.html index.html index.htm;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:18085/;
}
location /v1alpha/iceconfig {
    #add_header Access-Control-Allow-Origin *;
    #proxy_redirect off;
    #proxy_set_header Host $host;
    #proxy_set_header X-Real-IP $remote_addr;
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:3033/v1alpha/iceconfig;
}
Writing ice.js:
var express = require('express')
var crypto = require('crypto')
var app = express()
// Base64-encoded HMAC-SHA1 of content under key
var hmac = function (key, content) {
  var method = crypto.createHmac('sha1', key)
  method.setEncoding('base64')
  method.write(content)
  method.end()
  return method.read()
}
app.post('/v1alpha/iceconfig', function (req, resp) {
  var query = req.query
  // Shared secret; it must equal static-auth-secret in turnserver.conf
  var key = 'apprtc.51buck.com'
  var time_to_live = 600
  // Expiry as a Unix timestamp in seconds
  var timestamp = Math.floor(Date.now() / 1000) + time_to_live
  var turn_username = timestamp + ':buck'
  var password = hmac(key, turn_username)
  return resp.send({
    iceServers: [
      {
        urls: [
          'stun:apprtc.51buck.com:3478',
          'turn:apprtc.51buck.com:3478'
        ],
        username: turn_username,
        credential: password
      }
    ]
  })
})
app.listen('3033', function () {
  console.log('server started')
})
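The credential scheme that ice.js and the use-auth-secret / static-auth-secret settings rely on, shown from both sides as an added example that is not part of the original post. The function names, the user id and the fixed clock value are assumptions for illustration; the verifier mirrors what a TURN server holding the shared secret has to check and is not coturn's own code.

```javascript
// Added example, not from the original post. Names and sample values are constructed.
const crypto = require('crypto')

// Issuer side (what ice.js does):
// username = "<unix expiry>:<user id>", credential = base64(HMAC-SHA1(secret, username))
function issueTurnCredential (secret, userId, ttlSeconds, nowMs) {
  const expiry = Math.floor(nowMs / 1000) + ttlSeconds
  const username = expiry + ':' + userId
  const credential = crypto.createHmac('sha1', secret).update(username).digest('base64')
  return { username: username, credential: credential }
}

// Verifier side: recompute the HMAC from the shared secret, compare in
// constant time, then reject credentials whose timestamp has passed.
function verifyTurnCredential (secret, username, credential, nowMs) {
  const expiry = parseInt(String(username).split(':')[0], 10)
  if (!Number.isFinite(expiry)) return 'malformed'
  const expected = crypto.createHmac('sha1', secret).update(username).digest()
  const given = Buffer.from(String(credential), 'base64')
  // timingSafeEqual throws on unequal lengths, so check the length first
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-mac'
  }
  if (expiry < Math.floor(nowMs / 1000)) return 'expired'
  return 'ok'
}

// Every client receives a (username, credential) pair, so the secret is the only
// thing protecting the relay; a value like "1234" is guessable. Use a random one.
function generateSecret () {
  return crypto.randomBytes(32).toString('hex')
}
```

The same secret string has to be configured on both sides: as `key` in ice.js and as static-auth-secret in turnserver.conf.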