CoTURN:如何使用 TURN REST API? [英] CoTURN: How to use TURN REST API?
问题描述
我已经构建了 coturn 并成功运行了它.ip:192.168.1.111.现在我面临的问题是通过 REST API 获取 Turn 凭证.https://datatracker.ietf.org/doc/html/draft-uberti-behave-turn-rest-00 根据文章的要求,请求格式应该是
I have build coturn and run it successfully. ip:192.168.1.111. Now the question I faced is to get the Turn credential through REST API. https://datatracker.ietf.org/doc/html/draft-uberti-behave-turn-rest-00 According to the passage the request format should be
GET/?service=turn&username=mbzrxpgjys
和响应应该是 JSON.现在我的问题是:
and response should be JSON. Now my question is:
a) 如何配置和命令 TURN SERVER 使其在 REST API 模式下运行?
a) How to configure and command TURN SERVER to make it run in REST API mode?
b) 如何以正确的格式编写 http 请求,以便 TURN SERVER 可以正确回复?你能举个例子吗?
b) How to write a http request in the right format so TURN SERVER can reply correctly? could you give me an example?
推荐答案
这里有几点需要澄清:
GET/?service=turn&username=mbzrxpgjys返回一个 JSON,只是一个 建议 uri 用于检索时间限制 从服务器 TURN 凭据,您不必遵循此操作,您的 uri 可以只是/?giveMeCredentials.事实上,我使用我的套接字连接来检索这些数据,而不是直接使用 json 响应进行 http 调用.归根结底,只要这些凭据有效,您(使用上述 TURN 的客户端)如何获取这些凭据并不重要.
GET /?service=turn&username=mbzrxpgjyswhich returns a JSON, is just a suggested uri for retrieving time-limited TURN credentials from the server, you do not have to follow that, your uri can be just/?giveMeCredentials. In fact, I use my socket connection to retrieve this data, not direct http call with json response. End of day, it does not matter how you( the client that uses said TURN) get those credentials as long as they are valid.
您不会直接向 TURN 服务器发出任何请求,没有 rest api 对 TURN 服务器的调用在您的控制之下.
You do not make any requests to the TURN server directly, no rest api call to TURN server is under your control.
你在启动 TURN 服务器时分配了一个密钥,这可以从数据库中获取(因此可以动态更改),但我很懒,只是硬编码,并在轮配置中给出文件,还记得启用 REST API.作为转弯命令的一部分,turnserver ... --use-auth-secret --static-auth-secret=MySecretKey
you allocate a secret key when you are starting the TURN server, this can be taken from a db(thus dynamically changable), but lazy that I am, just hard-coded, and gave it in the turn config file, also remember to enable REST API. As part of turn command, turnserver ... --use-auth-secret --static-auth-secret=MySecretKey
现在,在您的应用程序服务器中,您将使用相同的密钥来生成凭据,对于用户名,它是 UNIX 时间戳和一些由 分隔的字符串(可以是随机的或用户 ID 或其他内容): 密码将是用户名的 HMAC 和您的密钥.
Now, in your application server, you would use the same secret key to generate credentials, for username, it is UNIX timestamp and some string( can be random or user id or something) seperated by : and the password would be HMAC of the username with your secret key.
关于 UNIX 时间戳,这是 TURN 服务器中的时间,直到您的凭据必须有效为止,因此计算此时间确保您考虑到应用服务器和轮到您之间的时钟时间差服务器.
about the UNIX timestamp, this has be the time in TURN server till which your credentials has to be valid, so which calculating this make sure you take into account of the clock time difference between your application server and your turn server.
现在一些示例代码取自我对另一个问题
Now some sample code taken from my answer to another question
用于声明 TURN 服务器的命令:
command for stating TURN server:
turnserver -v --syslog -a -L xx.xxx.xx.xx -X yy.yyy.yyy.yy -E zz.zzz.zz.zzz --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --static-auth-secret=my_secret --realm=north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -q 100 -Q 300 --cipher-list=ALL
node.js 用于在应用服务器中创建 TURN 凭证的代码:
node.js code for creating TURN credentials in application server:
var crypto = require('crypto');
function getTURNCredentials(name, secret){
var unixTimeStamp = parseInt(Date.now()/1000) + 24*3600, // this credential would be valid for the next 24 hours
username = [unixTimeStamp, name].join(':'),
password,
hmac = crypto.createHmac('sha1', secret);
hmac.setEncoding('base64');
hmac.write(username);
hmac.end();
password = hmac.read();
return {
username: username,
password: password
};
}
使用这个的浏览器代码:
Browser code for using this:
...
iceServers:[
{
urls: "turn:turn_server_ip",
username: username,
credential:password
}
...
这篇关于CoTURN:如何使用 TURN REST API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
