Language:EN / NE / AE / DE / IT

안녕하세요.


오늘은 U5PVR 에 Spreed WebRTC 서버를 설치해 보도록 하겠습니다.


먼저 하기 글을 참고해 주시길 바랍니다.


http://djjproject.blog.me/220896389747



Spreed WebRTC 서버는 WebRTC 를 이용한 영상통화를 웹페이지에서 구현하는 것입니다.


크롬, 파이어폭스, 오페라 등과 호환이 가능하고 엣지 브라우저와는 호환이 되는지 모르겠습니다.


안드로이드 크롬에서 작동 가능하고 여타 아이폰에서 크롬을 설치했다고 해서 동작하지는 않습니다.



1. 네트워크 구조 이해하기


대부분 네트워크를 사용하시는 분은 아래와 같이 2가지의 구조로 연결이 되어 있을 것입니다.


(공유기를 2개 통하는 그런 구조는 예외. 너무 귀찮아져서 뺍니다.)


(U5PVR 이 상당히 과장되게 그려졌네요 ㅎㅎ..)



Spreed WebRTC 는 미디어 릴레이가 필수 입니다.


사진에서 순서대로 첫번째 두번째라고 하면, 첫번째는 U5PVR 위치가 NAT 환경이고 두번째는 공인아이피에 바로 물린 상황입니다.


공인아이피에 물린 경우에는 stun server 만 경유하면 음성 및 영상이 릴레이가 됩니다. 

(이 경우에는 구글의 오픈 서버를 이용하면 되기 때문에 문제가 없습니다.)


그러나 NAT 상에 물린 경우에는 미디어와 영상을 turn 서버에서 릴레이 해야합니다.

turn 서버에 음성과 영상이 경유 되어 사용자끼리 통신이 되기 때문에 서버에 부하가 많이 참으로 무료로 제공되는 서버는 거의 없습니다.


U5PVR 에 turn 서버를 꼭 두지 않아도 되고 다른 서버에 turn 서버를 설치해서 운영해도 됩니다.



2. Spreed WebRTC 서버 설치하기


먼저 빌드환경을 구축해야 함으로 의존성 패키지를 설치합니다.


root@u5pvr-debian:~# apt-get install git build-essential nodejs autoconf

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following extra packages will be installed:

  automake autotools-dev binutils dpkg-dev fakeroot g++ g++-4.9 gcc gcc-4.9 libalgorithm-diff-perl

  libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan1 libatomic1 libc-ares2 libc-dev-bin

  libc6-dev libdpkg-perl libfakeroot libfile-fcntllock-perl libgcc-4.9-dev libgomp1 libsigsegv2

  libstdc++-4.9-dev libubsan0 libv8-3.14.5 linux-libc-dev m4 make manpages-dev patch

Suggested packages:

  autoconf-archive gnu-standards autoconf-doc libtool gettext binutils-doc debian-keyring gcc-4.9-doc

  libstdc++6-4.9-dbg gcc-multilib flex bison gdb gcc-doc gcc-4.9-locales libgcc1-dbg libgomp1-dbg

  libitm1-dbg libatomic1-dbg libasan1-dbg liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg

  libquadmath-dbg glibc-doc libstdc++-4.9-doc make-doc ed diffutils-doc

The following NEW packages will be installed:

  autoconf automake autotools-dev binutils build-essential dpkg-dev fakeroot g++ g++-4.9 gcc gcc-4.9

  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan1 libatomic1

  libc-ares2 libc-dev-bin libc6-dev libdpkg-perl libfakeroot libfile-fcntllock-perl libgcc-4.9-dev

  libgomp1 libsigsegv2 libstdc++-4.9-dev libubsan0 libv8-3.14.5 linux-libc-dev m4 make manpages-dev

  nodejs patch

0 upgraded, 34 newly installed, 0 to remove and 0 not upgraded.

Need to get 33.0 MB of archives.

After this operation, 94.1 MB of additional disk space will be used.

Do you want to continue? [Y/n]


root@u5pvr-debian:~# apt-get install -t jessie-backports golang-go

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following extra packages will be installed:

  golang-1.7-go golang-1.7-src golang-src pkg-config

Suggested packages:

  bzr git mercurial subversion

The following NEW packages will be installed:

  golang-1.7-go golang-1.7-src golang-go golang-src pkg-config

0 upgraded, 5 newly installed, 0 to remove and 86 not upgraded.

Need to get 24.6 MB of archives.

After this operation, 137 MB of additional disk space will be used.

Do you want to continue? [Y/n]


다음으로 Spreed WebRTC 소스를 받습니다.


root@u5pvr-debian:~# git clone https://github.com/strukturag/spreed-webrtc.git

Cloning into 'spreed-webrtc'...

remote: Counting objects: 14519, done.

remote: Compressing objects: 100% (5/5), done.

remote: Total 14519 (delta 0), reused 0 (delta 0), pack-reused 14514

Receiving objects: 100% (14519/14519), 16.57 MiB | 126.00 KiB/s, done.

Resolving deltas: 100% (11038/11038), done.

Checking connectivity... done.

root@u5pvr-debian:~#


소스가 받아진 위치로 이동하고 아래처럼 컴파일 작업을 시작합니다.


root@u5pvr-debian:~# cd spreed-webrtc/


root@u5pvr-debian:~/spreed-webrtc# ls

AUTHORS       Dockerfile        Makefile.am  autogen.sh        doc   package.json          src

CHANGELOG.md  Dockerfile.build  NEWS         build             go    scripts               static

COPYING       Dockerfile.run    README       configure.ac      html  server.conf.in

ChangeLog     LICENSE           README.md    dependencies.tsv  m4    spreed-webrtc-server


root@u5pvr-debian:~/spreed-webrtc# ./autogen.sh

autoreconf: Entering directory `.'

autoreconf: configure.ac: not using Gettext

autoreconf: running: aclocal --force -I m4

autoreconf: configure.ac: tracing

autoreconf: configure.ac: not using Libtool

autoreconf: running: /usr/bin/autoconf --force

autoreconf: configure.ac: not using Autoheader

autoreconf: running: automake --add-missing --copy --force-missing

configure.ac:47: installing './install-sh'

configure.ac:47: installing './missing'

Makefile.am:141: warning: release-binary was already defined in condition TRUE, which includes condition GO_14 ...

Makefile.am:139: ... 'release-binary' previously defined here

Makefile.am:143: warning: release-binary was already defined in condition TRUE, which includes condition !GO_14 ...

Makefile.am:139: ... 'release-binary' previously defined here

Makefile.am: installing './INSTALL'

autoreconf: Leaving directory `.'


root@u5pvr-debian:~/spreed-webrtc# ./configure --prefix=/usr

checking for a BSD-compatible install... /usr/bin/install -c

checking whether build environment is sane... yes

checking for a thread-safe mkdir -p... /bin/mkdir -p

checking for gawk... no

checking for mawk... mawk

checking whether make sets $(MAKE)... yes

checking whether make supports nested variables... yes

checking whether to enable maintainer-specific portions of Makefiles... yes

checking for grep that handles long lines and -e... /bin/grep

checking for a sed that does not truncate output... /bin/sed

checking for gawk... (cached) mawk

checking for find... /usr/bin/find

checking for gpm... no

checking for jshint... no

checking for python2... /usr/bin/python2

checking for version of python2... 2.7.9

checking for go... /usr/bin/go

checking for version of Go... 1.7.4

checking third-party Go source code path... /root/spreed-webrtc/vendor

checking for nodejs... /usr/bin/nodejs

checking for version of node.js... 0.10.29

checking for compass... no

configure: WARNING: Please install compass before trying to build styles.

checking for sass... no

configure: WARNING: Please install sass before trying to build styles.

checking for scss-lint... no

configure: WARNING: Please install scss-lint to lint styles.

checking for autoprefixer... no

configure: WARNING: Please install autoprefixer before trying to build styles.

checking for pybabel... no

configure: WARNING: Please install pybabel before trying to build i18n.

checking for npm... no

configure: WARNING: Please install npm and the the node.js module po2json to build i18n.

checking that generated files are newer than configure... done

configure: creating ./config.status

config.status: creating Makefile

config.status: creating src/styles/Makefile

config.status: creating src/i18n/Makefile

root@u5pvr-debian:~/spreed-webrtc#


뭔가 추가적으로 필요한 패키지들이 있어 보이지만 컴파일하여 구동하는데에는 별 문제가 없다고 판단이 되어 설치는 하지 않습니다.


컴파일 하는데 5분 걸립니다.


root@u5pvr-debian:~/spreed-webrtc# make -j 4 && make install

make get

make[1]: Entering directory '/root/spreed-webrtc'

if [ -z "" ]; then GOPATH="/root/spreed-webrtc/vendor:/root/spreed-webrtc" go get github.com/rogpeppe/godeps; fi

if [ -z "" ]; then GOPATH="/root/spreed-webrtc/vendor:/root/spreed-webrtc" /root/spreed-webrtc/vendor/bin/godeps -u dependencies.tsv; fi

update github.com/strukturag/sloth failed; trying to fetch newer version

github.com/strukturag/sloth now at 74a8bcf67368de59baafe5d3e17aee9875564cfc

update github.com/gorilla/context failed; trying to fetch newer version

github.com/gorilla/context now at 215affda49addc4c8ef7e2534915df2c8c35c6cd

update github.com/gorilla/websocket failed; trying to fetch newer version

github.com/gorilla/websocket now at a69d25be2fe2923a97c2af6849b2f52426f68fc0

update github.com/strukturag/phoenix failed; trying to fetch newer version

github.com/strukturag/phoenix now at 31b7f25f4815e6e0b8e7c4010f6e9a71c4165b19

update github.com/nats-io/nats failed; trying to fetch newer version

github.com/nats-io/nats now at 355b5b97e0842dc94f1106729aa88e33e06317ca

update github.com/dlintw/goconf failed; trying to fetch newer version

github.com/dlintw/goconf now at dcc070983490608a14480e3bf943bad464785df5

update github.com/gorilla/mux failed; trying to fetch newer version

github.com/gorilla/mux now at ba336c9cfb43552c90de6cb2ceedd3271c747558

update github.com/gorilla/securecookie failed; trying to fetch newer version

github.com/gorilla/securecookie now at aeade84400a85c6875264ae51c7a56ecdcb61751

update github.com/strukturag/goacceptlanguageparser failed; trying to fetch newer version

github.com/strukturag/goacceptlanguageparser now at 68066e68c2940059aadc6e19661610cf428b6647

update github.com/satori/go.uuid failed; trying to fetch newer version

github.com/satori/go.uuid now at 879c5887cd475cd7864858769793b2ceb0d44feb

update github.com/strukturag/httputils failed; trying to fetch newer version

github.com/strukturag/httputils now at afbf05c71ac03ee7989c96d033a9571ba4ded468

update github.com/longsleep/pkac failed; trying to fetch newer version

github.com/longsleep/pkac now at 68bf8859f58dd84332ee41c07eba357fb3818ba3

mkdir -p /root/spreed-webrtc/vendor/src/github.com/strukturag

rm -f /root/spreed-webrtc/vendor/src/github.com/strukturag/spreed-webrtc

ln -sfn /root/spreed-webrtc /root/spreed-webrtc/vendor/src/github.com/strukturag/spreed-webrtc

make[1]: Leaving directory '/root/spreed-webrtc'

make binary

make[1]: Entering directory '/root/spreed-webrtc'

GOPATH="/root/spreed-webrtc/vendor:/root/spreed-webrtc" /usr/bin/go build  -o bin/spreed-webrtc-server -ldflags '' app/spreed-webrtc-server

make[1]: Leaving directory '/root/spreed-webrtc'

make assets

make[1]: Entering directory '/root/spreed-webrtc'

/bin/mkdir -p /root/spreed-webrtc/build/out

/usr/bin/nodejs /root/spreed-webrtc/build/r.js \

        -o /root/spreed-webrtc/build/build.js \

        dir=/root/spreed-webrtc/build/out

..........................


다음으로 소스에 포함되어 있는 설정 파일을 복사합니다.


root@u5pvr-debian:~/spreed-webrtc# mkdir /etc/spreed-webrtc-server

root@u5pvr-debian:~/spreed-webrtc# cp server.conf.in /etc/spreed-webrtc-server/server.conf

root@u5pvr-debian:~/spreed-webrtc#


다음으로 init.d 스크립트를 아래와 같은 내용으로 생성해 주고 실행권한을 부여합니다.


root@u5pvr-debian:~/spreed-webrtc# nano /etc/init.d/spreed-webrtc


#!/bin/sh

### BEGIN INIT INFO

# Provides: spreed-webrtc-server

# Required-Start: $remote_fs $syslog $networking

# Required-Stop:

# Default-Start: 2 3 4 5

# Default-Stop: 0 1 6

# Short-Description: Spreed WebRTC

# Description: WebRTC audio/video call and conferencing server and web client

# More information at https://github.com/strukturag/spreed-webrtc

# Author: TeHashX / contact@hqt.ro

# Version: 1.1

### END INIT INFO

CONF="/etc/spreed-webrtc-server/server.conf"

test -f "/usr/sbin/spreed-webrtc-server" || exit 0

spreed_running=`ps ax | grep "spreed-webrtc-server" | awk '{ print $1 }' | wc -l`

case "$1" in

start)

if [ "$spreed_running" -gt 1 ]; then

echo "Spreed Webrtc Server already running..."

exit 0

fi

echo -n "Starting Spreed Webrtc Server: "

cd /etc/spreed-webrtc-server/

/usr/sbin/spreed-webrtc-server -c=$CONF 2> /dev/null &

echo "done"

sleep 5

exit 0

;;

stop)

if [ "$spreed_running" -eq 1 ]; then

echo "Spreed Webrtc Server is not running (no process found)..."

exit 0

fi

echo -n "Killing Spreed Webrtc Server: "

# Trying to kill the Spreed Webrtc Server

ps ax | grep "spreed-webrtc-server" | awk '{ print $1 }' | xargs kill >/dev/null 2>&1

sleep 1

echo "done"

;;

restart)

sh $0 stop

sh $0 start

;;

status)

if [ "$spreed_running" -gt 1 ]; then

echo "Spreed Webrtc Server running."

else

echo "It seems that Spreed Webrtc Server isn't running (no process found)."

fi

;;

*)

echo "Usage: $0 {start|stop|restart|status}"

exit 1

;;

esac

exit 0


root@u5pvr-debian:~/spreed-webrtc# chmod a+x /etc/init.d/spreed-webrtc


다음으로 https 연결에 사용할 SSL 인증서를 셀프사인으로 생성합니다.


(크롬에서는 https 연결이 아닐 경우 webrtc 가 활성화가 되지 않습니다.)


root@u5pvr-debian:~/spreed-webrtc# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/spreed-webrtc-server/server.key -out /etc/spreed-webrtc-server/server.crt

Generating a 2048 bit RSA private key

.........+++

...+++

writing new private key to '/etc/spreed-webrtc-server/server.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

# 아래 칸은 그냥 엔터키로 넘겼습니다. (아무것도 입력되지 않은 상태)

Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:

Email Address []:

root@u5pvr-debian:~/spreed-webrtc#


다음으로 설정파일을 수정합니다.


root@u5pvr-debian:~/spreed-webrtc# nano /etc/spreed-webrtc-server/server.conf



; Spreed WebRTC server example configuration


[http]

; HTTP listener in format ip:port.

;listen = 127.0.0.1:8080

; Full path to directory where to find the server web assets.

root = /usr/share/spreed-webrtc-server/www    #코멘트 해제

; HTTP socket read timeout in seconds.

;readtimeout = 10

; HTTP socket write timeout in seconds.

;writetimeout = 10

; Use basePath if the server does not run on the root path (/) of your server.

;basePath = /some/sub/path/

; Set maximum number of open files (only works when run as root).

;maxfd = 32768

; Enable stats API /api/v1/stats for debugging (not for production use!).

;stats = false

; Enable HTTP listener for golang pprof module. See

; http://golang.org/pkg/net/http/pprof/ for details.

;pprofListen = 127.0.0.1:6060


[https]

; Native HTTPS listener in format ip:port.

listen = 0.0.0.0:8443    #코멘트 해제 및 바인드 아이피 0.0.0.0 으로 수정 원하는 포트 설정

; Full path to PEM encoded certificate chain.

certificate = /etc/spreed-webrtc-server/server.crt    #인증서 파일 위치 지정

; Full path to PEM encoded private key.

key = /etc/spreed-webrtc-server/server.key            #인증서 파일 위치 지정

; Mimimal supported encryption standard (SSLv3, TLSv1, TLSv1.1 or TLSv1.2).

;minVersion = SSLv3

; HTTPS socket read timeout in seconds.

;readtimeout = 10

; HTTPS socket write timeout in seconds.

;writetimeout = 10


테스트를 진행하기 위해서 서비스를 시작합니다.


root@u5pvr-debian:~/spreed-webrtc# service spreed-webrtc start

Starting Spreed Webrtc Server: done

root@u5pvr-debian:~/spreed-webrtc#



3. Spreed WebRTC 테스트하기


테스트는 먼저 내부망에서 한번 해 보도록 하겠습니다.


외부망의 경우 미디어 릴레이 관련 문제가 생기기 때문에 아직은 안됩니다. ㅎㅎ


PC 에 마이크가 없어서 핸드폰으로 한번 테스트 진행 해 보았습니다.


웹 브라우저로 https://192.168.100.35:8443 으로 접속합니다. 셀프 사인이기 때문에 보안에 위험하다? 는 에러가 뜹니다만 제낍니다.


그리고 마이크 권한 설정을 해 준다음 아래처럼 사용이 가능합니다.




예전에 찍어둔 스크린샷 입니다. PC 에서는 이렇습니다.



정상적으로 잘 됩니다.



4. U5PVR 이 공인아이피를 받는 경우


이 경우에는 STUN 서버만 설정하시면 됩니다.


Spreed WebRTC 서버 설정파일을 수정합니다.


root@u5pvr-debian:~/spreed-webrtc# nano /etc/spreed-webrtc-server/server.conf


[app]

; HTML page title

;title = Spreed WebRTC

; Version string to use for static resources. This defaults to the server

; version and should only be changed when you use your own way to invalidate

; long cached static resources.

;ver = 1234

; STUN server URIs in format host:port. You can provide multiple seperated by

; space. If you do not have one use a public one like stun.spreed.me:443. If

; you have a TURN server you do not need to set an STUN server as the TURN

; server will provide STUN services.

stunURIs = stun:stun1.l.google.com:19302        # 언코멘트 후 google stun 주소를 넣습니다.

; TURN server URIs in format host:port?transport=udp|tcp. You can provide

; multiple seperated by space. If you do not have at least one TURN server then

; some users will not be able to use the server as the peer to peer connection

; cannot be established without a TURN server due to firewall reasons. An open

; source TURN server which is fully supported can be found at

; https://code.google.com/p/rfc5766-turn-server/.

;turnURIs = turn:turnserver:port?transport=udp

; Shared secret authentication for TURN user generation if the TURN server is

; protected (which it should be).

; See http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 for details.

; A supported TURN server is https://code.google.com/p/rfc5766-turn-server/.

;turnSecret = the-default-turn-shared-secret-do-not-keep


이 후 서버를 재시작 하고 외부에서 접근해도 잘 작동합니다.



5. U5PVR 이 NAT 상태인 경우


이 경우는 U5PVR 이 공유기 밑에 물려있는 상황입니다.


이 상황에서는 어쩔 수 없이 turn 서버를 설치해서 운영해야 합니다.


turn 서버는 꼭 U5PVR 에 있을 필요는 없습니다. 단일화의 목적이니 U5PVR 에 설치해 보도록 하겠습니다.


root@u5pvr-debian:~# apt-get install coturn

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following extra packages will be installed:

  libevent-core-2.0-5 libevent-extra-2.0-5 libevent-openssl-2.0-5 libevent-pthreads-2.0-5

  libhiredis0.10 libmysqlclient18 libpq5 mysql-common telnet

Suggested packages:

  sip-router xmpp-server

The following NEW packages will be installed:

  coturn libevent-core-2.0-5 libevent-extra-2.0-5 libevent-openssl-2.0-5 libevent-pthreads-2.0-5

  libhiredis0.10 libmysqlclient18 libpq5 mysql-common telnet

0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.

Need to get 1426 kB of archives.

After this operation, 5260 kB of additional disk space will be used.

Do you want to continue? [Y/n]


다음은 turnserver 가 socket 권한을 가지도록 아래와 같이 aid_inet 그룹에 추가합니다.


root@u5pvr-debian:~# adduser turnserver aid_inet

Adding user `turnserver' to group `aid_inet' ...

Adding user turnserver to group aid_inet

Done.

root@u5pvr-debian:~# service coturn restart

[....] Restarting coturn: turnserver0: log file opened: /var/log/turn_8104_2017-04-28.log

0:

RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server

Version Coturn-4.2.1.2 'Monza'

0:

Max number of open files/sockets allowed for this process: 4096

0:

Due to the open files/sockets limitation,

max supported number of TURN Sessions possible is: 2000 (approximately)

0:


==== Show him the instruments, Practical Frost: ====


0: TLS supported

0: DTLS supported

0: AEAD supported

0: Redis supported

0: PostgreSQL supported

0: MySQL supported

0: MongoDB is not supported

0: OpenSSL compile-time version 0x1000109f: fresh enough

0: Default Net Engine version: 3 (UDP thread per CPU core)


=====================================================


0: Domain name: localdomain

0: Default realm: localdomain

0: Config file found: //etc/turnuserdb.conf

0: WARNING: cannot find certificate file: turn_server_cert.pem (1)

0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly

0: WARNING: cannot find private key file: turn_server_pkey.pem (1)

0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly

0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED

0: ===========Discovering listener addresses: =========

0: Listener address to use: 127.0.0.1

0: Listener address to use: 192.168.100.35

0: Listener address to use: ::1

0: =====================================================

0: Total: 1 'real' addresses discovered

0: =====================================================

0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED

0: ===========Discovering relay addresses: =============

0: Relay address to use: 192.168.100.35

0: Relay address to use: ::1

0: =====================================================

0: Total: 2 relay addresses discovered

0: =====================================================

. ok

root@u5pvr-debian:~#


정상적으로 구동중인지 확인을 합니다.


root@u5pvr-debian:~# netstat -nlp | grep turn

tcp        0      0 192.168.100.35:3478     0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:3478          0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 192.168.100.35:3478     0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:3478          0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 192.168.100.35:3478     0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:3478          0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 192.168.100.35:3478     0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:3478          0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 192.168.100.35:3479     0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:3479          0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 192.168.100.35:3479     0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:3479          0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 192.168.100.35:3479     0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:3479          0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 192.168.100.35:3479     0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:3479          0.0.0.0:*               LISTEN      8222/turnserver

tcp        0      0 127.0.0.1:5766          0.0.0.0:*               LISTEN      8222/turnserver

tcp6       0      0 ::1:3478                :::*                    LISTEN      8222/turnserver

tcp6       0      0 ::1:3478                :::*                    LISTEN      8222/turnserver

tcp6       0      0 ::1:3478                :::*                    LISTEN      8222/turnserver

tcp6       0      0 ::1:3478                :::*                    LISTEN      8222/turnserver

tcp6       0      0 ::1:3479                :::*                    LISTEN      8222/turnserver

tcp6       0      0 ::1:3479                :::*                    LISTEN      8222/turnserver

tcp6       0      0 ::1:3479                :::*                    LISTEN      8222/turnserver

tcp6       0      0 ::1:3479                :::*                    LISTEN      8222/turnserver

udp        0      0 192.168.100.35:3478     0.0.0.0:*                           8222/turnserver

udp        0      0 192.168.100.35:3478     0.0.0.0:*                           8222/turnserver

udp        0      0 192.168.100.35:3478     0.0.0.0:*                           8222/turnserver

udp        0      0 192.168.100.35:3478     0.0.0.0:*                           8222/turnserver

udp        0      0 127.0.0.1:3478          0.0.0.0:*                           8222/turnserver

udp        0      0 127.0.0.1:3478          0.0.0.0:*                           8222/turnserver

udp        0      0 127.0.0.1:3478          0.0.0.0:*                           8222/turnserver

udp        0      0 127.0.0.1:3478          0.0.0.0:*                           8222/turnserver

udp        0      0 192.168.100.35:3479     0.0.0.0:*                           8222/turnserver

udp        0      0 192.168.100.35:3479     0.0.0.0:*                           8222/turnserver

udp        0      0 192.168.100.35:3479     0.0.0.0:*                           8222/turnserver

udp        0      0 192.168.100.35:3479     0.0.0.0:*                           8222/turnserver

udp        0      0 127.0.0.1:3479          0.0.0.0:*                           8222/turnserver

udp        0      0 127.0.0.1:3479          0.0.0.0:*                           8222/turnserver

udp        0      0 127.0.0.1:3479          0.0.0.0:*                           8222/turnserver

udp        0      0 127.0.0.1:3479          0.0.0.0:*                           8222/turnserver

udp6       0      0 ::1:3478                :::*                                8222/turnserver

udp6       0      0 ::1:3478                :::*                                8222/turnserver

udp6       0      0 ::1:3478                :::*                                8222/turnserver

udp6       0      0 ::1:3478                :::*                                8222/turnserver

udp6       0      0 ::1:3479                :::*                                8222/turnserver

udp6       0      0 ::1:3479                :::*                                8222/turnserver

udp6       0      0 ::1:3479                :::*                                8222/turnserver

udp6       0      0 ::1:3479                :::*                                8222/turnserver

root@u5pvr-debian:~#


잘 구동중입니다.


turnserver 설정파일을 아래와 같이 수정합니다.


root@u5pvr-debian:~# mv /etc/turnserver.conf /etc/turnserver.conf.bak    #기존설정파일 백업

root@u5pvr-debian:~# nano /etc/turnserver.conf


listening-port=3478

external-ip=123.123.123.123/192.168.0.123   <-- 공인아이피/사설아이피 입력

lt-cred-mech

use-auth-secret

static-auth-secret=djj9405  <-- 원하는 비밀번호 입력

total-quota=100

bps-capacity=0

stale-nonce

cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"

no-loopback-peers

no-multicast-peers

realm=local


그 후 turnserver 를 재시작 합니다.


root@u5pvr-debian:~# service coturn restart

[....] Restarting coturn: turnserver0: log file opened: /var/log/turn_9845_2017-04-28.log

0:

RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server

Version Coturn-4.2.1.2 'Monza'

0:

Max number of open files/sockets allowed for this process: 4096

0:

Due to the open files/sockets limitation,

max supported number of TURN Sessions possible is: 2000 (approximately)

0:


==== Show him the instruments, Practical Frost: ====


0: TLS supported

0: DTLS supported

0: AEAD supported

0: Redis supported

0: PostgreSQL supported

0: MySQL supported

0: MongoDB is not supported

0: OpenSSL compile-time version 0x1000109f: fresh enough

0: Default Net Engine version: 3 (UDP thread per CPU core)


=====================================================


0: Bad configuration format: mv

0: Bad configuration format: nano

0: 0 bytes per second allowed, combined server capacity

0: Bad configuration format: mv

0: Bad configuration format: nano

0: Domain name: localdomain

0: Default realm: local

0: WARNING: cannot find certificate file: turn_server_cert.pem (1)

0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly

0: WARNING: cannot find private key file: turn_server_pkey.pem (1)

0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly

0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED

0: ===========Discovering listener addresses: =========

0: Listener address to use: 127.0.0.1

0: Listener address to use: 192.168.100.35

0: Listener address to use: ::1

0: =====================================================

0: Total: 1 'real' addresses discovered

0: =====================================================

0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED

0: ===========Discovering relay addresses: =============

0: Relay address to use: 192.168.100.35

0: Relay address to use: ::1

0: =====================================================

0: Total: 2 relay addresses discovered

0: =====================================================

. ok

root@u5pvr-debian:~#


다음으로 공유기에서 3478 포트를 TCP/UDP 포트 모두 열어줍니다.


추가적으로 8443 포트도 TCP 로 열어줍니다.



다음으로 Spreed WebRTC 에서 turnserver 를 활용하도록 수정합니다.


root@u5pvr-debian:~# nano /etc/spreed-webrtc-server/server.conf



[app]
; HTML page title
;title = Spreed WebRTC
; Version string to use for static resources. This defaults to the server
; version and should only be changed when you use your own way to invalidate
; long cached static resources.
;ver = 1234
; STUN server URIs in format host:port. You can provide multiple seperated by
; space. If you do not have one use a public one like stun.spreed.me:443. If
; you have a TURN server you do not need to set an STUN server as the TURN
; server will provide STUN services.
;stunURIs = stun:stun1.l.google.com:19302        # stun 은 turnserver 에서 관리 함으로 언코멘트 합니다.
; TURN server URIs in format host:port?transport=udp|tcp. You can provide
; multiple seperated by space. If you do not have at least one TURN server then
; some users will not be able to use the server as the peer to peer connection
; cannot be established without a TURN server due to firewall reasons. An open
; source TURN server which is fully supported can be found at
; https://code.google.com/p/rfc5766-turn-server/.
turnURIs = turn:djjproject.iptime.org:3478?transport=udp        # turnserver 정보를 입력합니다.
; Shared secret authentication for TURN user generation if the TURN server is
; protected (which it should be).
; See http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 for details.
; A supported TURN server is https://code.google.com/p/rfc5766-turn-server/.
turnSecret = djj9405        # 언코멘트 후 turnserver 의 암호를 입력합니다.


turnURIs 의 경우 turn:아이피 or 도메인 주소:포트?transport=방식 입니다.


설정이 완료 되었습니다.


재시작 합니다.


root@u5pvr-debian:~# service spreed-webrtc restart

Killing Spreed Webrtc Server: done

Starting Spreed Webrtc Server: done

root@u5pvr-debian:~#


부팅시 자동실행할 경우 아래와 같이 설정하시면 됩니다.


root@u5pvr-debian:~# update-rc.d spreed-webrtc defaults



6. Test 고고@!


태블릿을 동원하여 실험을 진행했습니다.


델베뉴8프로 를 사용했고 전면에 카메라가 있습니다 ㅎㅎ..


반대부분은 넥서스5 입니다.


델베뉴8프로는 외부 다른 와이파이에 연결 / 그리고 넥서스5는 KT 망 사용 / U5PVR 이 있는 위치는 U+ 기업인터넷 (공유기 상태 NAT) 입니다.


이 상태에서는 turnserver 를 사용하지 않으면 작동이 되지 않습니다. 5번에서 정상적으로 설정을 했기 때문에 아래처럼 통화가 잘 됩니다 ㅎㅎ






매우 잘 됩니다 ㅎㅎ



감사합니다.