I. Service composition

1. AppRTC Room Service code :github.com/webrtc/appr…

Collider signaling service (AppRTC

3. CoTurn drilling service, code :github.com/coturn/cotu…

Packaging resources: link: pan.baidu.com/s/1ulx1FVRN… Extraction code: 3E5F

Two, preliminary preparation

1. Operating system: Centos 64bits

2, Google webrtc server Demo: see https://github.com/webrtc/apprtc

3. Apprtc.test.com

4. Domain name SSL certificate

5. Put all resources in the /data directory

6. Python 2.7.9 and above

Three, software requirements

1. Replace Ali Yunyuan


mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

yum makecache

yum update

Copy the code

2. Install JDK

yum -y install java

Copy the code

3. Install nodeJS

Curl, silent - the location https://rpm.nodesource.com/setup_8.x | sudo bash - yum - y install nodejs didn't over the wall, please change into taobao source NPM install  -g cnpm --registry=https://registry.npm.taobao.org npm -g install grunt-cliCopy the code

4. Install Python and dependencies

yum install -y python
yum install -y python-webtest

wget https://bootstrap.pypa.io/ez_setup.py -O - | sudo python
 
git clone git://github.com/kennethreitz/requests.git
cd requests/
python2 setup.py install

Copy the code

5. Install Git

yum -y git
Copy the code

6. Install google-Cloud-SDK

https://cloud.google.com/sdk/docs/#linux

Copy the code

Three, build the room

1, Download apPRTC source code (directory /data/)

git clone  https://github.com/webrtc/apprtc.git

cd apprtc

cnpm install


Copy the code

2. Modify the file

A. modify/data/apprtc/SRC/app_engine/the py

TURN_BASE_URL = 'https://apprtc.test.com' # webrtc.olcms.com
TURN_URL_TEMPLATE = '%s/turn.php? username=%s&key=%s' # If turn.php is not implemented, use the default configuration
CEOD_KEY = '1234567890'   #turn password, the user name set after turn is the same

ICE_SERVER_BASE_URL = 'https://apprtc.test.com'
ICE_SERVER_URL_TEMPLATE = '%s/iceconfig.php? key=%s' # If iceconfig.php is not implemented, the default configuration can be used, but Android Apk has problems

WSS_INSTANCE_HOST_KEY = 'apprtc.test.com:8089'  Signaling server port number 8089
WSS_INSTANCE_NAME_KEY = 'vm_name'
WSS_INSTANCE_ZONE_KEY = 'zone'
WSS_INSTANCES = [{
       WSS_INSTANCE_HOST_KEY: 'apprtc.test.com:8089',
       WSS_INSTANCE_NAME_KEY: 'wsserver-std',
       WSS_INSTANCE_ZONE_KEY: 'us-central1-a'  
       }, {  
       WSS_INSTANCE_HOST_KEY: 'apprtc.test.com:8089',
       WSS_INSTANCE_NAME_KEY: 'wsserver-std-2', 
       WSS_INSTANCE_ZONE_KEY: 'us-central1-f'
}]
Copy the code

B. Modify /data/apprtc/ SRC /web_app/js/ appController.js to :440

window.history.pushState({'roomId': roomId, 'roomLink': roomLink}, roomId, roomLink); Before that, add roomLink= roomlink. substring("http"."https");

Copy the code

3, compile,

grunt build
Copy the code

When the compilation is complete, the Out directory is generated and the room server is finished compiling.

4. Run the room server

nohup /root/google-cloud-sdk/bin/dev_appserver.py --host=apprtc.test.com /data/apprtc/out/app_engine &
Copy the code

The domain name must be resolved or bound to host on the server. Otherwise, a message is displayed indicating that port binding fails

Collider Server

1. Install the GO environment

yum install go

Copy the code

2. Configure the GO environment


mkdir -p /usr/local/go/src

mkdir -p /usr/local/go/bin vim ~/.bash_profile is added at the bottomexport GOPATH=/root/go
PATH=$PATH:$GOPATH/bin

source ~/.bash_profile

Copy the code

3. Copy the Collider source code

The/data/apprtc/SRC/starts/three directories in the directory (starts, collidermain, collidertest) copied to/usr/local/go/SRC/directory

 cp -r /data/apprtc/src/collider/* /root/go/src/
 
Copy the code

4. Modify the code

A. edit the file/root/go/SRC/collidermain/main. Go and change the address of the server room

var roomSrv = flag.String("room-server"."https://apprtc.test.com"."The origin of the room server")

Copy the code

B. Edit the file/root/go/SRC/starts/starts. Go to modify the following:

SSL certificate placed under /data/cert/test.com e = server.listenandservetls ("/data/cert/test.com/test.com.pem"."/data/cert/test.com/test.com.key")

Copy the code

5. Download the dependent libraries

mkdir -p /usr/local/go/src/golang.org/x 
cd /usr/local/go/src/golang.org/x
git clone https://github.com/golang/net
Copy the code

6. Compile the signaling server

go get collidermain
go install collidermain

Copy the code

7. Run the signaling server

nohup collidermain -port=8089 -tls=true &
Copy the code

5. Build STUN\TURN server

1. Download the installation package

Wget HTTP: / / http://turnserver.open-sys.org/downloads/v4.5.0.7/turnserver-4.5.0.7-CentOS7.4-x86_64.tar.gzCopy the code

2. Decompress and install

The tar ZXVF turnserver 4.5.0.7 - CentOS7.4 - x86_64. Tar. GzcdTurnserver - 4.5.0.7. / install. ShCopy the code

3. Generate a certificate

mkdir -p /data/cert/turnserver
openssl req -x509 -newkey rsa:2048 -keyout /data/cert/turnserver/turn_server_cert.pem -out /data/cert/turnserver/turn_server_pkey.pem -days 99999 -nodes
Copy the code

4. Modify the configuration

vim /etc/turnserver.conf

Copy the code

The configuration is as follows:

listening-device=xxx # change to local nic
listening-port=3478
relay-device=xxx # change to local nic
min-port=49152
max-port=65535
daemon=true # background run
fingerprint 
lt-cred-mech
use-auth-secret
static-auth-secret=1234567890 # turn password
realm=apprtc.test.com
user=inesadt:0x7e3a2ed35d3cf7f19e2f8b015a186f54
user=inesadt:inesadt
stale-nonce
cert=/data/cert/turnserver/turn_server_cert.pem
pkey=/data/cert/turnserver/turn_server_pkey.pem
no-loopback-peers
no-multicast-peers
mobility
no-cli
Copy the code

5. Run the TURN service

nohup trunserver &
Copy the code

Install nginx

rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx
Copy the code

7. PHP environment installation

1. Install PHP

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

yum install php70w-common php70w-fpm  php70w-devel

Copy the code

2. Modify the nginx configuration

vim /etc/nginx/conf.d/default.conf

Copy the code

Configuration contents:

Upstream roomServer {server IP address :8080; } server { listen 80; server_name apprtc.test.com;return  301 https://$server_name$request_uri;
}
server {
   listen    443;
   server_name  apprtc.test.com;
   access_log  /var/log/nginx/apprtc.test.com.log main; root /data/html; index index.html index.htm index.php; Location ~ \.php${fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME$document_root$fastcgi_script_name;
       #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
       include        fastcgi_params;
   }

   location / {
                      proxy_pass http://roomserver$request_uri;
                      proxy_set_header Host $host;
               }
   ssl on;
   ssl_certificate /data/cert/test.com/test.com.pem;
   ssl_certificate_key /data/cert/test.com/test.com.key;
}
Copy the code

PHP file and iceconfig. PHP file and put the file in /data/ HTML/directory

3.1 Contents of the turn.php file:

<? php$request_username = $_GET["username"];
if (empty($request_username)) {
  echo "username == null";
  exit;
}
$request_key = $_GET["key"];
$time_to_live = 600;
$timestamp = time() + $time_to_live; // Expiration time$response_username = $timestamp . ":" . ($_GET["username"]????' ');
$response_key = $request_key;
if (empty($response_key))
  $response_key = "1234567890"; / / the CEOD_KEY py$response_password = getSignature($response_username.$response_key);

$jsonObj = new Response();
$jsonObj->username = $response_username;
$jsonObj->password = $response_password;
$jsonObj->ttl = 86400; // You need to configure your own server$jsonObj->uris = array("stun:apprtc.test.com:3478"."turn:apprtc.test.com:3478?transport=udp"."turn:apprtc.test.com?transport=tcp");

echo json_encode($jsonObj); /** * Use the hMAC-sha1 algorithm to generate the signature value ** @param$strThe source string * @ param$keyKey * * @returnSignature value * /function getSignature($str.$key)
{
  $signature = "";
  if (function_exists('hash_hmac')) {
      $signature = base64_encode(hash_hmac("sha1".$str.$key.true));
  } else {
      $blocksize = 64;
      $hashfunc = 'sha1';
      if (strlen($key) > $blocksize) {
          $key = pack('H*'.$hashfunc($key));
      }
      $key = str_pad($key.$blocksize, chr(0x00));
      $ipad = str_repeat(chr(0x36), $blocksize);
      $opad = str_repeat(chr(0x5c), $blocksize);
      $hmac = pack(
          'H*'.$hashfunc(($key ^ $opad) . pack(
                  'H*'.$hashfunc(($key ^ $ipad).$str))));$signature = base64_encode($hmac);
  }
  return $signature;
}

class Response
{
  public $username = "";
  public $password = "";
  public $ttl = "";
  public $uris = array("");
}

?> 
Copy the code

3.2 Contents of iceconfig. PHP file:

<? php$request_username = "inesadt"; // Configure to your own turn server usernameif (empty($request_username)) {
  echo "username == null";
  exit;
}
$request_key = "1234567890"; //turn Server password$time_to_live = 600;
$timestamp = time() + $time_to_live; // Expiration time$response_username = $timestamp . ":" . ($_GET["username"]????' ');
$response_key = $request_key;
if (empty($response_key))
  $response_key = "1234567890"; / / the CEOD_KEY py$response_password = getSignature($response_username.$response_key);

$arrayObj = array();
$arrayObj[0] ['username'] = $response_username;
$arrayObj[0] ['credential'] = $response_password; // Configure your own STUn /turn server$arrayObj[0] ['urls'] [0] ="stun:apprtc.test.com:3478";
$arrayObj[0] ['urls'] [1] ="turn:apprtc.test.com:3478?transport=tcp";
$arrayObj[0] ['uris'] [0] ="stun:apprtc.test.com:3478";
$arrayObj[0] ['uris'] [1] ="turn:apprtc.test.com:3478?transport=tcp";
$jsonObj = new Response();
$jsonObj->lifetimeDuration = "300.000 s";
$jsonObj->iceServers = $arrayObj;
echo json_encode($jsonObj); /** * Use the hMAC-sha1 algorithm to generate the signature value ** @param$strThe source string * @ param$keyKey * * @returnSignature value * /function getSignature($str.$key)
{
  $signature = "";
  if (function_exists('hash_hmac')) {
      $signature = base64_encode(hash_hmac("sha1".$str.$key.true));
  } else {
      $blocksize = 64;
      $hashfunc = 'sha1';
      if (strlen($key) > $blocksize) {
          $key = pack('H*'.$hashfunc($key));
      }
      $key = str_pad($key.$blocksize, chr(0x00));
      $ipad = str_repeat(chr(0x36), $blocksize);
      $opad = str_repeat(chr(0x5c), $blocksize);
      $hmac = pack(
          'H*'.$hashfunc(($key ^ $opad) . pack(
                  'H*'.$hashfunc(($key ^ $ipad).$str))));$signature = base64_encode($hmac);
  }
  return $signature;
}

class Response
{
  public $lifetimeDuration = "";
  public $iceServers = array("");
}

?>
Copy the code

4, change the file to 775 permission, user is nginx

5. Run nginx with php-fpm

systemctl start nginx 

systemctl start php-fpm

Copy the code

5.1 There are two situations when error 403 is reported

A. File permissions are incorrect

B. Selinux is enabled

vim /etc/selinux/config

SELINUX=disabled
Copy the code

6. After the deployment is complete, visit https://apprtc.test.com