一分钟教你搭建WebRTC流媒体服务器Janus-gateway
前言
我最开始使用docker安装,结果docker安装的不是集成东西太多,导致镜像非常大。要么就是安装后发现问题多的,基本上没有维护。
不知道是我没有找到好的docker镜像还是真的就没有好的,如果有觉得不错的janus的docker镜像欢迎小伙伴留言哈。
注意:全篇建议在root用户下操作,如果没有办法执行root,那么在每条命令前面请加sudo
准备工作
- 一台Ubuntu18.04的服务器,拥有公网ip,最好是国外服务器,国内服务器下载依赖很慢。
- 一个域名,提前把域名解析到服务器的公网ip
- 使用http的话开放8088端口 使用https的话开放8089端口 ps:WebRTC需要在https环境或者本地的环境下才有效,所以建议开放8099就可以了,但是janus默认走的http。我也不知道官方怎么想的,不然我去提个pr?
安装依赖
sudo apt-get install aptitude
aptitude install libmicrohttpd-dev libjansson-dev \
libssl-dev libsrtp-dev libsofia-sip-ua-dev libglib2.0-dev \
libopus-dev libogg-dev libcurl4-openssl-dev liblua5.3-dev \
libconfig-dev pkg-config gengetopt libtool automake
有一个依赖库是必须通过源码安装的,它就是libsrtp库。 libsrtp库的主要作用是对数据进行加密。之所以要通过源码安装,是因为在apt源上的libsrtp库没有将ssl库编译上,而janus又需要使ssl库对数据做最终的加密,所以我们只能使用源码的方式安装了。具体操作步骤如下:
mkdir -p /opt/janus && cd janus
wget https://github.com/cisco/libsrtp/archive/v2.2.0.tar.gz
tar xfv v2.2.0.tar.gz
cd libsrtp-2.2.0
./configure --prefix=/usr --enable-openssl
make shared_library && sudo make install
安装Janus-Gateway
git clone https://github.com/meetecho/janus-gateway.git
cd janus-gateway
生成Makefile文件
./autogen.sh
./configure --prefix=/usr/local/janus
确认下生成Makefile成功没
ll Makefile
编译janus
make -j 4
sudo make install
sudo make configs
在这我出现了以下的错误
configure: error: Package requirements ( glib-2.0 >= 2.34 gio-2.0 >= 2.34 libconfig nice jansson >= 2.5 libssl >= 1.0.1 libcrypto zlib ) were not met: No package 'nice' found
是因为没有找到liblua5.3-dev,我找了很久也没有找到,最后解决办法是
sudo aptitude install libmicrohttpd-dev libjansson-dev libnice-dev
sudo aptitude install libssl-dev libsrtp-dev libsofia-sip-ua-dev libglib2.0-dev
sudo aptitude install libopus-dev libogg-dev libcurl4-openssl-dev pkg-config gengetopt libtool automakeg
如果没有出现此错误可以忽略,出现了的话可以按照我的步奏解决 解决后重新
./autogen.sh
./configure --prefix=/usr/local/janus
make -j 4
sudo make install
sudo make configs
安装CoTurn服务
安装coTrun看我之前的教程 WebRTC之搭建coturn服务遇到的问题
Janus配置
申请ssl证书,不会的看我这篇文章: WebRTC之完整搭建Jitsi Meet指南
vim /usr/local/janus/etc/janus/janus.jcfg
找到certificates配置项,在里面打开以下内容的配置,并设置。
certificates:
cert_pem = "/etc/ssl/cert/domain/cert.pem"
cert_key = "/etc/ssl/cert/domain/key.pem"
找到nat配置项,在里面打开以下内容的配置,并设置,其中的用户名及密码为turnserver.conf中配置的用户名及密码。
nat: {
stun_server = "domain.com"
stun_port = 3478
nice_debug = true
#full_trickle = true
#ice_lite = true
ice_tcp = true
# By default Janus tries to resolve mDNS (.local) candidates: even
# though this is now done asynchronously and shouldn't keep the API
# busy, even in case mDNS resolution takes a long time to timeout,
# you can choose to drop all .local candidates instead, which is
# helpful in case you know clients will never be in the same private
# network as the one the Janus instance is running from. Notice that
# this will cause ICE to fail if mDNS is the only way to connect!
#ignore_mdns = true
# In case you're deploying Janus on a server which is configured with
# a 1:1 NAT (e.g., Amazon EC2), you might want to also specify the public
# address of the machine using the setting below. This will result in
# all host candidates (which normally have a private IP address) to
# be rewritten with the public address provided in the settings. As
# such, use the option with caution and only if you know what you're doing.
# Make sure you keep ICE Lite disabled, though, as it's not strictly
# speaking a publicly reachable server, and a NAT is still involved.
# If you'd rather keep the private IP address in place, rather than
# replacing it (and so have both of them as advertised candidates),
# then set the 'keep_private_host' property to true.
#nat_1_1_mapping = "1.2.3.4"
#keep_private_host = true
# You can configure a TURN server in two different ways: specifying a
# statically configured TURN server, and thus provide the address of the
# TURN server, the transport (udp/tcp/tls) to use, and a set of valid
# credentials to authenticate...
turn_server = "domain.com"
turn_port = 3478
turn_type = "udp"
turn_user = "user"
turn_pwd = "passwd"
继续修改传输的配置把https打开,不打开https没有办法使用WebRTC的
vim /usr/local/janus/etc/janus/janus.transport.http.jcfg
修改general的配置
general: {
#events = true # Whether to notify event handlers about transport events (default=true)
json = "indented" # Whether the JSON messages should be indented (default),
# plain (no indentation) or compact (no indentation and no spaces)
base_path = "/janus" # Base path to bind to in the web server (plain HTTP only)
http = true # Whether to enable the plain HTTP interface
port = 8088 # Web server HTTP port
#interface = "eth0" # Whether we should bind this server to a specific interface only
#ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
https = true # Whether to enable HTTPS (default=false)
secure_port = 8089 # Web server HTTPS port, if enabled
#secure_interface = "eth0" # Whether we should bind this server to a specific interface only
#secure_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
#acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
修改admin配置
admin: {
admin_base_path = "/admin" # Base path to bind to in the admin/monitor web server (plain HTTP only)
admin_http = false # Whether to enable the plain HTTP interface
admin_port = 7088 # Admin/monitor web server HTTP port
#admin_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_ip = "192.168.0.1" # Whether we should bind this server to a specific IP address (v4 or v6) only
admin_https = true # Whether to enable HTTPS (default=false)
admin_secure_port = 7889 # Admin/monitor web server HTTPS port, if enabled
#admin_secure_interface = "eth0" # Whether we should bind this server to a specific interface only
#admin_secure_ip = "192.168.0.1 # Whether we should bind this server to a specific IP address (v4 or v6) only
#admin_acl = "127.,192.168.0." # Only allow requests coming from this comma separated list of addresses
}
修改证书
certificates: {
cert_pem = "/etc/letsencrypt/live/janus.rtctest.7moor.com/cert.pem"
cert_key = "/etc/letsencrypt/live/janus.rtctest.7moor.com/privkey.pem"
#cert_pwd = "secretpassphrase"
#ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
}
nginx配置
创建新的nginx配置文件
vim /etc/nginx/conf.d/doman.janus.conf
添加以下内容
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl;
# tls configuration that is not covered in this guide
# we recommend the use of https://certbot.eff.org/
server_name doman.com;
# set the root
root /opt/janus/janus-gateway/html;
index index.html;
location ~ ^/([a-zA-Z0-9=\?]+)$ {
rewrite ^/(.*)$ / break;
}
location / {
ssi on;
}
ssl_certificate /etc/letsencrypt/live/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/privkey.pem; # managed by Certbot
}
启动nginx
nginx -t && nginx -s reload
启动janus
nohup /opt/janus/bin/janus >> /var/log/janus.log 2>&1 &
打开浏览器输入你的域名
https://youdomain.com
学习时的痛苦是暂时的 未学到的痛苦是终生的