本文介绍了CoTURN:如何使用TURN REST API?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已经建立coturn并成功运行。 IP:192.168.1.111。我现在面临的问题是打通REST API的转折凭证。
根据文章的请求格式应为

I have build coturn and run it successfully. ip:192.168.1.111. Now the question I faced is to get the Turn credential through REST API.http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 According to the passage the request format should be

GET /服务=转&放大器;用户名= mbzrxpgjys

和反应应该是 JSON 。现在的问题是:

and response should be JSON. Now my question is:

a)如何配置和命令TURN服务器,使其在 REST API 模式?

a) How to configure and command TURN SERVER to make it run in REST API mode?

二)如何写在正确格式的HTTP请求,以便 TURN服务器能正确回答?你可以给我一个例子?

b) How to write a http request in the right format so TURN SERVER can reply correctly? could you give me an example?

推荐答案

几件事情要在这里澄清如下:

Few things to be clarified here are:


  • GET /服务=转&放大器;用户名= mbzrxpgjys 它返回一个JSON,只是一个建议的URI检索有时间限制打开从服务器凭据,您不必遵循,你的URI可以只是 /?giveMeCredentials 。事实上,我用我的socket连接来获取这些数据,而不是直接的HTTP调用使用JSON响应。一天结束,这不要紧,你(使用客户说TURN)如何获得这些证书,只要它们是有效的。

  • GET /?service=turn&username=mbzrxpgjys which returns a JSON, is just a suggested uri for retrieving time-limited TURN credentials from the server, you do not have to follow that, your uri can be just /?giveMeCredentials. In fact, I use my socket connection to retrieve this data, not direct http call with json response. End of day, it does not matter how you( the client that uses said TURN) get those credentials as long as they are valid.

您不要对TURN服务器的任何请求直接,否REST API 来电TURN服务器是你的控制之下。

You do not make any requests to the TURN server directly, no rest api call to TURN server is under your control.

您分配一个密钥,当你开始TURN服务器,这可以从一个DB(从而动态多变)服用,但懒惰,我,只是硬codeD,并且给了它之交的配置文件,也请记住要启用REST API。由于转命令的一部分, turnserver ... --use-auth的秘密--static-auth的秘密= MySecretKey

you allocate a secret key when you are starting the TURN server, this can be taken from a db(thus dynamically changable), but lazy that I am, just hard-coded, and gave it in the turn config file, also remember to enable REST API. As part of turn command, turnserver ... --use-auth-secret --static-auth-secret=MySecretKey

现在,在你的应用服务器,你可以使用相同的密钥生成凭证,用户名,这是UNIX时间戳和一些字符串(可以是随机的或用户ID或某物)<$ C $分开C>:,密码是你的秘密密钥的用户名的HMAC。

Now, in your application server, you would use the same secret key to generate credentials, for username, it is UNIX timestamp and some string( can be random or user id or something) seperated by : and the password would be HMAC of the username with your secret key.

有关UNIX时间戳,这已是TURN服务器时间到,你的证书必须是有效的,所以它计算这确保你考虑到你的应用服务器和你的回合之间的时钟时间差服务器。

about the UNIX timestamp, this has be the time in TURN server till which your credentials has to be valid, so which calculating this make sure you take into account of the clock time difference between your application server and your turn server.

现在从我的答案带到另一个

Now some sample code taken from my answer to another question

有关说明TURN服务器的命令:

command for stating TURN server:

turnserver -v --syslog -a -L xx.xxx.xx.xx -X yy.yyy.yyy.yy -E zz.zzz.zz.zzz --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --static-auth-secret=my_secret --realm=north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -q 100 -Q 300 --cipher-list=ALL

的node.js code用于创建应用程序服务器TURN凭据:

node.js code for creating TURN credentials in application server:

var crypto = require('crypto');

function getTURNCredentials(name, secret){

    var unixTimeStamp = parseInt(Date.now()/1000) + 24*3600,   // this credential would be valid for the next 24 hours
        username = [unixTimeStamp, name].join(':'),
        password,
        hmac = crypto.createHmac('sha1', secret);
    hmac.setEncoding('base64');
    hmac.write(username);
    hmac.end();
    password = hmac.read();
    return {
        username: username,
        password: password
    };
}

浏览器code,使用这样的:

Browser code for using this:

  ...
  iceServers:[
    {
      urls: "turn:turn_server_ip",
      username: username,
      credential:password
    }
  ...

这篇关于CoTURN:如何使用TURN REST API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-13 22:25