WEBRTC Server Setup

Source: Internet
Author: User

Label:

1.WebRTC Backend Service:
    • Room server for calls

      The room server is used to create and manage call session status maintenance, is the two sides call or multiparty calls, join and leave the room and so on, we temporarily follow the Google deployment on the Gae platform APPRTC this room server implementation, the Gae The app's source code can be obtained on the github.com. The implementation is a Python-based Gae app that we need to download Google Gae's offline development package to our own Linux server to run the project and build a room server in the continental Internet environment.

    • Signaling server for calls (signaling server)

      A signaling server is a role used to manage and assist a call terminal to establish a point-to-point call to the center. This role is responsible for the task:

1. 用来控制通信发起或者结束的连接控制消息2. 发生错误时用来相互通告的消息3. 各自一方媒体流元数据,比如像解码器、解码器的配置、带宽、媒体类型等等4. 两两之间用来建立安全连接的关键数据5. 外界所能看到的网络上的数据,比如广域网IP地址、端口等信令服务器的具体协议实现没有严格规定,只要实现功能就OK.我们这里依然沿用Google提供的基于GO语言和WebSocket的信令服务器Collider.和上面的房间服务器一并在Github上可以获取.获取到我们自己的Linux服务器上用GO语言的运行环境来运行该信令服务器.
    • Firewall Hole-Punching server (Stun/turn/ice server)

      Most of us currently connect to the Internet in the back of a firewall or behind a home (NAT) router that configures a private subnet, which causes our computers to have IP addresses that are not WAN IP addresses and therefore cannot communicate directly with each other. Because of this scenario, we have to find a way to get through these firewalls or home (NAT) routers so that two of the computers in the private network can communicate with each other.

STUN (simple traversal of the UDP over-nats,nat UDP easy traversal); Stun protocol servers are used to solve these problems:

    1. Detects and discovers if the communication is hiding behind a firewall or NAT router.

    2. Determine the IP and port and NAT type of the WAN exposed by the intranet client; The stun server uses this information to assist in establishing peer-to-peer UDP traffic between computers in different intranets.

Stun protocol is a good solution to the general home (NAT) router environment of the hole, but for most of the enterprise network environment is not very good.

A new solution is required: TURN (Traversal Using Relay NAT, which allows the connection of TCP or UDP across a NAT or firewall. Turn is a client-server protocol. Turn's Nat penetration method is similar to stun, by obtaining a NAT through the application layer's public address, but the terminal that implements the turn client must interact with turn server before the communication begins, and requires turn server to generate "relay port". That is relayed-transport-address. Then TURN server establishes a peer, the remote endpoint (remote endpoints), to begin the relay (relay) action, TURN client exploits Relay The port transmits the data to the peer, which is then forwarded to the turn client of the other party. Transfer data via the server's newly generated peer.

The ICE protocol is a comprehensive NAT traversal solution that combines the first 2 protocols.

UDP-based communication is established through the Offer/answer model. Ice is an extension of the Offer/answer model by including multiple IP addresses and ports in the offer and answer SDP (Session Description Protocol), and then pairing the IP addresses in the local SDP and remote SDP. The connectivity test is then performed through peer-to-peer connectivity checks, and if the test passes indicates that the transport address pair can establish a connection. Where the IP address and port (that is, the address) has the following: The local address, the Server-reflexive address (the address that the intranet address is mapped by NAT), the relayed address (the address that corresponds to the turn forwarding server), and the peer from the stun server Reflexive address and so on.

2. Room server and Signaling Server setup:

We set up this series of backend servers in an Ubuntu Linux server on the public network.

Server code we chose Googlechrome's Open source project, which can be found on GitHub:

Https://github.com/GoogleChrome/webrtc

Some examples of this project can be obtained at the following URL:

http://googlechrome.github.io/webrtc/

Running Google's room server in our own server APPRTC needs to rely on Google App Engine SDK for Python and Grunt.

First, build the room server APPRTC
    1. First we install Grunt:
[email protected]:~/$ sudo apt-get install npm[email protected]:~/$ sudo apt-get install nodejs-legacy[email protected]:~/$ sudo npm -g install grunt-cli
    1. Download the source of the project to a directory:
[email protected]:~/$ cd ~;[email protected]:~/$ git clone https://github.com/GoogleChrome/webrtc.git;
    1. Terminal shell switches the current working directory to the previous step of the downloaded project directory WEBRTC, and then installs the grunt and grunt dependencies:
[email protected]:~/$ cd webrtc;[email protected]:~/webrtc$ npm install;
    1. Before running the APPRTC room server we need to grunt compile the JS file of the project and the like:
[email protected]:~/webrtc$ grunt;

The above compilation process will automatically download and install the Google App Engine SDK to the current directory.

[email protected]:~/webrtc$ lsbower.json   google_appengine         Gruntfile.js  LICENSE.md    README.md        samplesbuild        google_appengine_1.9.17.zip  images        node_modules  run_python_tests.py  webtest-masterCONTRIBUTING.md  grunt-chrome-build       index.html    package.json  run_python_tests.sh  webtest-master.tar.gz

Next, we need to add the directory of the Google App Engine SDK to the system environment variable $PATH and make it effective.

[email protected]:~/webrtc$ echo "export PATH=$PATH:$PWD/google_appengine" > ~/.bash_profile[email protected]:~/webrtc$ source ~/.bash_profile

This time we can directly run our room server APPRTC. Use the following command to turn on (hostname: vpn.wuqiong.tk can use their own to give me the money IP address instead):

[email protected]:~/webrtc$ dev_appserver.py --host vpn.wuqiong.tk  samples/web/content/apprtc/
Build the signaling server again

Signaling server We still use the WebSocket-based signaling server in the go language provided in the Google Chrome WEBRTC project: Collider.

We need to install the Go Language Run environment support first:

[email protected]:~/webrtc$ sudo apt-get install golang-go

Then create a new directory (Collider_root) in our user directory to store this collider go Code program.

[email protected]:~/webrtc$ mkdir -p ~/collider_root;[email protected]:~/webrtc$ export COLLIDER_ROOT=$HOME/collider_root; //也可以加入~/.bash_profile

The next step is to link the WENRTC project directory below the COLLIDER code directory to $collider_root/src down, prepare for the subsequent compilation work;

[email protected]:~/webrtc$ ln -sf $PWD/samples/web/content/apprtc/collider/collider $COLLIDER_ROOT/src/[email protected]:~/webrtc$ ln -sf $PWD/samples/web/content/apprtc/collider/collidermain $COLLIDER_ROOT/src/[email protected]:~/webrtc$ ln -sf $PWD/samples/web/content/apprtc/collider/collidertest $COLLIDER_ROOT/src/

After all the preparation, we will mainly compile and install collider:

[email protected]:~/webrtc$ go get collidermain[email protected]:~/webrtc$ go install collidermain

This time, the signaling server binaries are installed on the $collider_root/bin. You can turn on the run signaling server with the following command:

[email protected]:~/webrtc$ $COLLIDER_ROOT/bin/collidermain -port=8089 -tls=false

The signaling server is temporarily running in non-TLS mode. Because our self-signed certificate WebSocket can't communicate.

3.stun/turn/ice Server Build-up

We opted for a richer coturn as our NAT traversal server, the project is an open source project in C + + language, Project address: https://code.google.com/p/coturn/or we download the compiled package directly, In the following site can download our corresponding platform package: http://turnserver.open-sys.org/downloads/v4.4.1.2/Open this URL, according to our server type select Download, I now choose the Debian and Ubuntu system packages:

cd ~;wget http://turnserver.open-sys.org/downloads/v4.4.1.2/turnserver-4.4.1.2-debian-wheezy-ubuntu-mint-x86-64bits.tar.gz   

Then unpack the package:

tar xvfz turnserver-4.4.1.2-debian-wheezy-ubuntu-mint-x86-64bits.tar.gz

Read the installation manual INSTALL files in detail and follow the instructions to install them:

$ sudo apt-get update$ sudo apt-get install gdebi-core$ sudo gdebi coturn*.deb

Then edit the configuration file to open the system default boot configuration:

$ vim /etc/default/coturn

Remove the comment from the file that opened the edit above TURNSERVER_ENABLED=1 and save the exit.

Then edit the Coturn configuration file according to the actual situation /etc/turnserver.conf , for example, I open the configuration entry as follows:

listening-device=eth0listening-ip=~~106.186.127.xxx~~relay-device=eth0relay-ip=~~106.186.127.xxx~~Verbosefingerprintlt-cred-mechuse-auth-secretstatic-auth-secret=diveineduuser=diveinedu:0x06b2afcf07ba085b7777b481b1020391user=diveinedu:diveinedustale-noncecert=/etc/turn_server_cert.pempkey=/etc/turn_server_pkey.pemno-loopback-peersno-multicast-peerssha256mobilityno-cli

The self-signed certificate cert and Pkey configured above is generated with the OpenSSL command:

sudo openssl req -x509 -newkey rsa:2048 -keyout   99999 -nodes

After all the configuration of the wall server is complete, everything is ready before you start the command:

service coturn start;
Settings for room servers and signaling servers

After three servers are built, we need a certain amount of consolidation to enable them to work together: constants.py in the APPRTC directory is a configuration file for some constant configuration information, such as the following settings:

  #TURN_BASE_URL = ' https:// Computeengineondemand.appspot.com ' turn_base_url =  #TURN_URL_TEMPLATE = '%s/turn?username=%s&key=%s ' turn_ Url_template =  ' %s/turn.php?username= %s&key=%s '  #CEOD_KEY = ' 4080218913 ' ceod_key =  ' diveinedu '  #WSS_HOST_PORT_ PAIR = ' apprtc-ws.webrtc.org:443 ' wss_host_port_pair =  apprtc.diveinedu.com:8089 '             

Since our signaling server does not have the Secure Socket mode enabled, we need to change the APPRTC code to do the following changes in apprtc.py:

DefGet_wss_parameters(Request):Ws_host_port_pair=Request.Get(' Wshpp ')Ws_tls=Request.Get(' Wstls ')IfNotWs_host_port_pair:Ws_host_port_pair=Constants.Wss_host_port_pairIfWs_tlsandWs_tls==' False ': wss_url =  ' ws://' + ws_host_port_pair +  '/ws ' wss_post_url =  ' http//' + ws_host_port_pair  Else: wss_url =  ' ws://' + ws_host_port_pair +  '/ws ' wss_post_url =  ' http//' + ws_host_port_pair return  (wss_urlwss_post_url)   

Change the original WSS and HTTPS scheme to WS and HTTP, and do not allow the client or browser to use SSL links. Of course, if there is a certificate issued by the signing authority of the third-party root certificate, it is not necessary.

The corresponding signaling server also needs to do a little bit of setup: Edit Collider/collidermain/main.go, modify the settings of your own room server URL:

//var roomSrv = flag.String("room-server", "https://apprtc.appspot.com", "The origin of the room server")var roomSrv = flag.String("room-server", "http://apprtc.diveinedu.com:8080/", "The origin of the room server")

After these simple room servers and the custom settings of the signaling server, we built a simple service based on the Google project's own WEBRTC.

Open http://apprtc.diveinedu.com:8080/with Google Chrome, register your room and you'll be able to make a video call. Of course, the previous WEBRTC for iOS framework will allow direct video calls to the browser and iOS native apps.

This document is organized by the Changsha Camp David Education .

WEBRTC Server Setup

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Tags Index: