  • How to use and test coTurn


    1. Copy the turnserver.conf file from the "../examples/etc/" directory to the "/usr/local/etc/" directory.


    The main settings to configure are "username", "password", "listening-port" and "listening-ip".

    vi /etc/turnserver/turnserver.conf

    # setting static accounts
    # Remember, "static" accounts are not dynamically checked by the turnserver process.
    user=username:password

    # listen ports
    listening-port=2222
    listening-ip=127.1.1

    # Now press "insert" key; then "Esc" key
    # Then type:
    :wq         #-- this command will save your settings and close turnserver.conf file

    # if you don't want to save the settings and just want to quit, simply type:
    :q
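
Added example (not part of the original post or of the coturn project): a small audit of a turnserver.conf against options that the turnserver help output on this page describes as weak or dangerous. The sample and hardened configurations are constructed, the secret and realm are placeholders, and the `0x` key prefix check is an assumption about how pre-hashed keys are written.

```python
# Added example: flag turnserver.conf settings that the help text on this
# page describes as weak (clear-text accounts, open CLI, loopback peers).

# Constructed sample mirroring the configuration shown above.
SAMPLE_CONF = """\
# setting static accounts
user=username:password
# listen ports
listening-port=2222
listening-ip=127.1.1
"""

# Constructed hardened variant; the secret and realm are placeholders.
HARDENED_CONF = """\
use-auth-secret
static-auth-secret=REPLACE_WITH_LONG_RANDOM_SECRET
realm=turn.example.org
listening-port=2222
listening-ip=127.1.1
no-cli
no-loopback-peers
no-multicast-peers
"""


def parse_conf(text):
    """Return {option: [values]}; bare flags map to ['']."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        options.setdefault(key.strip(), []).append(value.strip())
    return options


def audit(text):
    """Return a list of (finding_id, explanation) tuples."""
    opts = parse_conf(text)
    findings = []
    if "no-auth" in opts:
        findings.append(("no-auth", "anonymous access: no credential mechanism"))
    for entry in opts.get("user", []):
        name, _, secret = entry.partition(":")
        # Assumption: a pre-hashed key carries a 0x prefix (as produced by
        # turnadmin); anything else is treated as a clear-text password.
        if not secret.lower().startswith("0x"):
            findings.append(("plaintext-user", f"clear-text password for '{name}'"))
    uses_auth = any(k in opts for k in ("user", "lt-cred-mech", "use-auth-secret"))
    if uses_auth and "realm" not in opts:
        findings.append(("no-realm", "realm must be set with long-term credentials"))
    if "no-cli" not in opts and not any(opts.get("cli-password", [])):
        findings.append(("cli-open", "CLI is on by default with an empty password"))
    if "server-relay" in opts:
        findings.append(("server-relay", "IP permission check on relay endpoints is off"))
    if "no-loopback-peers" not in opts:
        findings.append(("loopback-peers", "peers on 127.x.x.x and ::1 are not disallowed"))
    return findings


if __name__ == "__main__":
    for finding_id, why in audit(SAMPLE_CONF):
        print(f"{finding_id}: {why}")
```
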


    turnserver: unknown option -- help
    0: log file opened: /var/log/turn_5112_2017-03-08.log
    0:
    RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
    Version Coturn- 'dan Eider'
    0:
    Max number of open files/sockets allowed for this process: 3200
    0:
    Due to the open files/sockets limitation,
    max supported number of TURN Sessions possible is: 1000 (approximately)
    0:

    ==== Show him the instruments, Practical Frost: ====

    0: TLS supported
    0: DTLS supported
    0: DTLS 1.2 supported
    0: TURN/STUN ALPN supported
    0: Third-party authorization (oAuth) supported
    0: GCM (AEAD) supported
    0: OpenSSL compile-time version: OpenSSL 1.0.2k  26 Jan 2017
    0:
    0: SQLite supported, default database location is /usr/local/var/db/turndb
    0: Redis is not supported
    0: PostgreSQL supported
    0: MySQL supported
    0: MongoDB is not supported
    0:
    0: Default Net Engine version: 2 (UDP thread per network endpoint)

    =====================================================

    0: Config file found: /usr/local/etc/turnserver.conf
    0: Listener address to use:
    turnserver: unknown option -- help

    Usage: turnserver [options]
    Options:
     -d, --listening-device <device-name>           Listener interface device (NOT RECOMMENDED. Optional, Linux only).
     -p, --listening-port           <port>          TURN listener port (Default: 3478).
                                                    Note: actually, TLS & DTLS sessions can connect to the "plain" TCP & UDP port(s), too,
                                                    if allowed by configuration.
     --tls-listening-port           <port>          TURN listener port for TLS & DTLS listeners
                                                    (Default: 5349).
                                                    Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS port(s), too,
                                                    if allowed by configuration. The TURN server
                                                    "automatically" recognizes the type of traffic. Actually, two listening
                                                    endpoints (the "plain" one and the "tls" one) are equivalent in terms of
                                                    functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
                                                    For secure TCP connections, we currently support SSL version 3 and
                                                    TLS versions 1.0, 1.1 and 1.2. For secure UDP connections, we support
                                                    DTLS version 1.
     --alt-listening-port<port>     <port>          Alternative listening port for STUN CHANGE_REQUEST (in RFC 5780 sense,
                                                    or in old RFC 3489 sense, default is "listening port plus one").
     --alt-tls-listening-port       <port>          Alternative listening port for TLS and DTLS,
                                                    the default is "TLS/DTLS port plus one".
     -L, --listening-ip             <ip>            Listener IP address of relay server. Multiple listeners can be specified.
     --aux-server                   <ip:port>       Auxiliary STUN/TURN server listening endpoint.
                                                    Auxiliary servers do not have alternative ports and
                                                    they do not support RFC 5780 functionality (CHANGE REQUEST).
                                                    Valid formats are for IPv4 and [1:2::3:4]:5555 for IPv6.
     --udp-self-balance                             (recommended for older Linuxes only) Automatically balance UDP traffic
                                                    over auxiliary servers (if configured).
                                                    The load balancing is using the ALTERNATE-SERVER mechanism.
                                                    The TURN client must support 300 ALTERNATE-SERVER response for this functionality.
     -i, --relay-device             <device-name>   Relay interface device for relay sockets (NOT RECOMMENDED. Optional, Linux only).
     -E, --relay-ip         <ip>                    Relay address (the local IP address that will be used to relay the
                                                    packets to the peer).
                                                    Multiple relay addresses may be used.
                                                    The same IP(s) can be used as both listening IP(s) and relay IP(s).
                                                    If no relay IP(s) specified, then the turnserver will apply the default
                                                    policy: it will decide itself which relay addresses to be used, and it
                                                    will always be using the client socket IP address as the relay IP address
                                                    of the TURN session (if the requested relay address family is the same
                                                    as the family of the client socket).
     -X, --external-ip  <public-ip[/private-ip]>    TURN Server public/private address mapping, if the server is behind NAT.
                                                    In that situation, if a -X is used in form "-X ip" then that ip will be reported
                                                    as relay IP address of all allocations. This scenario works only in a simple case
                                                    when one single relay address is be used, and no STUN CHANGE_REQUEST
                                                    functionality is required.
                                                    That single relay address must be mapped by NAT to the 'external' IP.
                                                    For that 'external' IP, NAT must forward ports directly (relayed port 12345
                                                    must be always mapped to the same 'external' port 12345).
                                                    In more complex case when more than one IP address is involved,
                                                    that option must be used several times in the command line, each entry must
                                                    have form "-X public-ip/private-ip", to map all involved addresses.
     --no-loopback-peers                            Disallow peers on the loopback addresses (127.x.x.x and ::1).
     --no-multicast-peers                           Disallow peers on well-known broadcast addresses ( and above, and FFXX:*).
     -m, --relay-threads            <number>        Number of relay threads to handle the established connections
                                                    (in addition to authentication thread and the listener thread).
                                                    If explicitly set to 0 then application runs in single-threaded mode.
                                                    If not set then a default OS-dependent optimal algorithm will be employed.
                                                    The default thread number is the number of CPUs.
                                                    In older systems (pre-Linux 3.9) the number of UDP relay threads always equals
                                                    the number of listening endpoints (unless -m 0 is set).
     --min-port                     <port>          Lower bound of the UDP port range for relay endpoints allocation.
                                                    Default value is 49152, according to RFC 5766.
     --max-port                     <port>          Upper bound of the UDP port range for relay endpoints allocation.
                                                    Default value is 65535, according to RFC 5766.
     -v, --verbose                                  'Moderate' verbose mode.
     -V, --Verbose                                  Extra verbose mode, very annoying (for debug purposes only).
     -o, --daemon                                   Start process as daemon (detach from current shell).
     -f, --fingerprint                              Use fingerprints in the TURN messages.
     -a, --lt-cred-mech                             Use the long-term credential mechanism.
     -z, --no-auth                                  Do not use any credential mechanism, allow anonymous access.
     -u, --user                     <user:pwd>      User account, in form 'username:password', for long-term credentials.
                                                    Cannot be used with TURN REST API.
     -r, --realm                    <realm>         The default realm to be used for the users when no explicit
                                                    origin/realm relationship was found in the database.
                                                    Must be used with long-term credentials
                                                    mechanism or with TURN REST API.
     --check-origin-consistency                     The flag that sets the origin consistency check:
                                                    across the session, all requests must have the same
                                                    main ORIGIN attribute value (if the ORIGIN was
                                                    initially used by the session).
     -q, --user-quota               <number>        Per-user allocation quota: how many concurrent allocations a user can create.
                                                    This option can also be set through the database, for a particular realm.
     -Q, --total-quota              <number>        Total allocations quota: global limit on concurrent allocations.
                                                    This option can also be set through the database, for a particular realm.
     -s, --max-bps                  <number>        Default max bytes-per-second bandwidth a TURN session is allowed to handle
                                                    (input and output network streams are treated separately). Anything above
                                                    that limit will be dropped or temporary suppressed
                                                    (within the available buffer limits).
                                                    This option can also be set through the database, for a particular realm.
     -B, --bps-capacity             <number>        Maximum server capacity.
                                                    Total bytes-per-second bandwidth the TURN server is allowed to allocate
                                                    for the sessions, combined (input and output network streams are treated separately).
     -c                             <filename>      Configuration file name (default - turnserver.conf).
     -b, , --db, --userdb   <filename>              SQLite database file name; default - /var/db/turndb or
                                                        /usr/local/var/db/turndb or /var/lib/turn/turndb.
     -e, --psql-userdb, --sql-userdb <conn-string>  PostgreSQL database connection string, if used (default - empty, no PostreSQL DB used).
                                                    This database can be used for long-term credentials mechanism users,
                                                    and it can store the secret value(s) for secret-based timed authentication in TURN RESP A
                                                    See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
                                                    versions format, see
                                                    http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
                                                    for 9.x and newer connection string formats.
     -M, --mysql-userdb     <connection-string>     MySQL database connection string, if used (default - empty, no MySQL DB used).
                                                    This database can be used for long-term credentials mechanism users,
                                                    and it can store the secret value(s) for secret-based timed authentication in TURN RESP A
                                                    The connection string my be space-separated list of parameters:
                                                    "host=<ip-addr> dbname=<database-name> user=<database-user> 
                                                                    password=<database-user-password> port=<db-port> connect_timeout=<seconds

                                                    The connection string parameters for the secure communications (SSL):
                                                    ca, capath, cert, key, cipher
                                                    (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
                                                    command options description).

                                                    All connection-string parameters are optional.

     --use-auth-secret                              TURN REST API flag.
                                                    Flag that sets a special authorization option that is based upon authentication secret
                                                    (TURN Server REST API, see TURNServerRESTAPI.pdf). This option is used with timestamp.
     --static-auth-secret           <secret>        'Static' authentication secret value (a string) for TURN REST API only.
                                                    If not set, then the turn server will try to use the 'dynamic' value
                                                    in turn_secret table in user database (if present).
                                                    That database value can be changed on-the-fly
                                                    by a separate program, so this is why it is 'dynamic'.
                                                    Multiple shared secrets can be used (both in the database and in the "static" fashion).
     --server-name                                  Server name used for
                                                    the oAuth authentication purposes.
                                                    The default value is the realm name.
     --oauth                                        Support oAuth authentication.
     -n                                             Do not use configuration file, take all parameters from the command line only.
     --cert                 <filename>              Certificate file, PEM format. Same file search rules
                                                    applied as for the configuration file.
                                                    If both --no-tls and --no_dtls options
                                                    are specified, then this parameter is not needed.
     --pkey                 <filename>              Private key file, PEM format. Same file search rules
                                                    applied as for the configuration file.
                                                    If both --no-tls and --no-dtls options
     --pkey-pwd             <password>              If the private key file is encrypted, then this password to be used.
     --cipher-list  <"cipher-string">               Allowed OpenSSL cipher list for TLS/DTLS connections.
                                                    Default value is "DEFAULT".
     --CA-file              <filename>              CA file in OpenSSL format.
                                                    Forces TURN server to verify the client SSL certificates.
                                                    By default, no CA is set and no client certificate check is performed.
     --ec-curve-name        <curve-name>            Curve name for EC ciphers, if supported by OpenSSL
                                                    library (TLS and DTLS). The default value is prime256v1,
                                                    if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
                                                    an optimal curve will be automatically calculated, if not defined
                                                    by this option.
     --dh566                                        Use 566 bits predefined DH TLS key. Default size of the predefined key is 1066.
     --dh2066                                       Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.
     --dh-file      <dh-file-name>                  Use custom DH TLS key, stored in PEM format in the file.
                                                    Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
     --no-tlsv1                                     Do not allow TLSv1/DTLSv1 protocol.
     --no-tlsv1_1                                   Do not allow TLSv1.1 protocol.
     --no-tlsv1_2                                   Do not allow TLSv1.2/DTLSv1.2 protocol.
     --no-udp                                       Do not start UDP client listeners.
     --no-tcp                                       Do not start TCP client listeners.
     --no-tls                                       Do not start TLS client listeners.
     --no-dtls                                      Do not start DTLS client listeners.
     --no-udp-relay                                 Do not allow UDP relay endpoints, use only TCP relay option.
     --no-tcp-relay                                 Do not allow TCP relay endpoints, use only UDP relay options.
     -l, --log-file         <filename>              Option to set the full path name of the log file.
                                                    By default, the turnserver tries to open a log file in
                                                    /var/log/turnserver/, /var/log, /var/tmp, /tmp and . (current) directories
                                                    (which open operation succeeds first that file will be used).
                                                    With this option you can set the definite log file name.
                                                    The special names are "stdout" and "-" - they will force everything
                                                    to the stdout; and "syslog" name will force all output to the syslog.
     --no-stdout-log                                Flag to prevent stdout log messages.
                                                    By default, all log messages are going to both stdout and to
                                                    a log file. With this option everything will be going to the log file only
                                                    (unless the log file itself is stdout).
     --syslog                                       Output all log information into the system log (syslog), do not use the file output.
     --simple-log                                   This flag means that no log file rollover will be used, and the log file
                                                    name will be constructed as-is, without PID and date appendage.
                                                    This option can be used, for example, together with the logrotate tool.
     --stale-nonce                                  Use extra security with nonce value having limited lifetime (600 secs).
     -S, --stun-only                                Option to set standalone STUN operation only, all TURN requests will be ignored.
         --no-stun                                  Option to suppress STUN functionality, only TURN requests will be processed.
     --alternate-server             <ip:port>       Set the TURN server to redirect the allocate requests (UDP and TCP services).
                                                    Multiple alternate-server options can be set for load balancing purposes.
                                                    See the docs for more information.
     --tls-alternate-server <ip:port>               Set the TURN server to redirect the allocate requests (DTLS and TLS services).
                                                    Multiple alternate-server options can be set for load balancing purposes.
                                                    See the docs for more information.
     -C, --rest-api-separator       <SYMBOL>        This is the timestamp/username separator symbol (character) in TURN REST API.
                                                    The default value is ':'.
         --max-allocate-timeout=<seconds>           Max time, in seconds, allowed for full allocation establishment. Default is 60.
         --allowed-peer-ip=<ip[-ip]>                Specifies an ip or range of ips that are explicitly allowed to connect to the
                                                    turn server. Multiple allowed-peer-ip can be set.
         --denied-peer-ip=<ip[-ip]>                 Specifies an ip or range of ips that are not allowed to connect to the turn server.
                                                    Multiple denied-peer-ip can be set.
     --pidfile <"pid-file-name">                    File name to store the pid of the process.
                                                    Default is /var/run/turnserver.pid (if superuser account is used) or
                                                    /var/tmp/turnserver.pid .
     --secure-stun                                  Require authentication of the STUN Binding request.
                                                    By default, the clients are allowed anonymous access to the STUN Binding functionality.
     --proc-user <user-name>                        User name to run the turnserver process.
                                                    After the initialization, the turnserver process
                                                    will make an attempt to change the current user ID to that user.
     --proc-group <group-name>                      Group name to run the turnserver process.
                                                    After the initialization, the turnserver process
                                                    will make an attempt to change the current group ID to that group.
     --mobility                                     Mobility with ICE (MICE) specs support.
     --no-cli                                       Turn OFF the CLI support. By default it is always ON.
     --cli-ip=<IP>                                  Local system IP address to be used for CLI server endpoint. Default value
                                                    is
     --cli-port=<port>                              CLI server port. Default is 5766.
     --cli-password=<password>                      CLI access password. Default is empty (no password).
                                                    For the security reasons, it is recommended to use the encrypted
                                                    for of the password (see the -P command in the turnadmin utility).
                                                    The dollar signs in the encrypted form must be escaped.
     --server-relay                                 Server relay. NON-STANDARD AND DANGEROUS OPTION. Only for those applications
                                                    when we want to run server applications on the relay endpoints.
                                                    This option eliminates the IP permissions check on the packets
                                                    incoming to the relay endpoints.
     --cli-max-output-sessions                      Maximum number of output sessions in ps CLI command.
                                                    This value can be changed on-the-fly in CLI. The default value is 256.
     --ne=[1|2|3]                                   Set network engine type for the process (for internal purposes).
     -h                                             Help

    For more information, see the wiki pages:

           https://github.com/coturn/coturn/wiki/
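
Added example (not part of the original post or of the coturn code): the --use-auth-secret and --static-auth-secret options in the help output above replace a static user=username:password account with time-limited credentials. This sketch issues such a credential and models the server-side decision, using the TURN REST API scheme (username is the expiry timestamp, the separator and a user id; password is base64 of HMAC-SHA1 over the username); the function names and the secret are hypothetical.

```python
import base64
import hashlib
import hmac
import time

SEPARATOR = ":"  # default of -C / --rest-api-separator per the help text


def derive_password(secret, username):
    """password = base64(HMAC-SHA1(shared secret, username))."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def issue_credentials(secret, user_id, ttl_seconds, now=None):
    """What the web application hands to a client: (username, password).

    The username carries its own expiry time, so nothing is stored per user.
    """
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl_seconds}{SEPARATOR}{user_id}"
    return username, derive_password(secret, username)


def server_accepts(secret, username, password, now=None):
    """Model of the server-side decision (hypothetical helper).

    The server knows only the shared secret: it reads the expiry from the
    username, rejects expired names, and recomputes the password itself.
    """
    now = int(time.time()) if now is None else int(now)
    expiry, sep, _user_id = username.partition(SEPARATOR)
    if not sep or not (expiry.isascii() and expiry.isdigit()):
        return False  # no timestamp part: not a REST API username
    if int(expiry) < now:
        return False  # credential lifetime is over
    # Constant-time comparison of the recomputed and presented values.
    return hmac.compare_digest(derive_password(secret, username), password)


if __name__ == "__main__":
    # Constructed secret; it would match static-auth-secret in turnserver.conf.
    secret = "constructed-demo-secret"
    user, pwd = issue_credentials(secret, "alice", ttl_seconds=3600)
    print(user, pwd)
    print("accepted now:", server_accepts(secret, user, pwd))
    print("accepted after expiry:",
          server_accepts(secret, user, pwd, now=time.time() + 7200))
```
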


    Use https://sourceforge.net/projects/stun/files/




  • Original article: https://www.cnblogs.com/mobilecard/p/6517457.html