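OpenVidu Deployment Process
Introduction
OpenVidu is a video-call application written in Java. It relies on **Kurento Media Server (kms)** underneath for the video calls and provides a set of APIs so that your own applications can integrate video calling.
Deployment process
1. Install the base services (kms and coturn)
1.1 Install Docker (see the reference documentation)
1.2 Run the Docker images
Follow the official OpenVidu documentation and install with Docker Compose. Because we may need to modify the source code of openvidu and openvidu-call, comment out the openvidu, openvidu-call and nginx sections and keep only the kms and coturn sections. nginx is normally the one installed on the server itself; if the server has no nginx installed, you can leave the nginx section uncommented and run nginx from the Docker image instead. kms is the underlying service and its source generally does not need to be modified by hand, so it can be installed directly with Docker. coturn is the NAT-traversal (hole-punching) service, and kms depends on coturn for NAT traversal. The details follow:
```bash
curl https://s3-eu-west-1.amazonaws.com/aws.openvidu.io/install_openvidu_latest.sh | bash
```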
```
1. Enter the folder
$ cd openvidu
2. Edit the configuration file
$ vim .env
// Change the DOMAIN_OR_PUBLIC_IP, OPENVIDU_SECRET, CERTIFICATE_TYPE and LETSENCRYPT_EMAIL settings
3. Edit docker-compose.yml
// docker-compose.yml defines several Docker images. We compile and install openvidu-server ourselves and use our own nginx installation, so comment out the entire openvidu-server and nginx sections
4. Rename docker-compose.override.yml
// docker-compose.override.yml defines the openvidu-call image, which is the official demo. We also need to modify that code, so rename the file to docker-compose.override.yml.bak
5. Run OpenVidu
$ ./openvidu start
For more information, check:
https://docs.openvidu.io/en/stable/deployment/ce/on-premises/
```
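Before step 5, the four `.env` settings named in step 2 can be checked mechanically. This is an added example, not part of the original post or of OpenVidu; `check_env`, the 16-character minimum and the sample files are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example: sanity-check the .env keys from step 2 before ./openvidu start.
# check_env/env_get are hypothetical helpers; the 16-character minimum is an
# assumed local policy, not an OpenVidu requirement.

env_get() {  # env_get FILE KEY -> value of the last KEY=... line
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

check_env() {  # prints one finding per line; returns 1 if there is any finding
    f=$1; rc=0
    domain=$(env_get "$f" DOMAIN_OR_PUBLIC_IP)
    secret=$(env_get "$f" OPENVIDU_SECRET)
    cert=$(env_get "$f" CERTIFICATE_TYPE)
    email=$(env_get "$f" LETSENCRYPT_EMAIL)
    [ -n "$domain" ] || { echo "DOMAIN_OR_PUBLIC_IP is empty"; rc=1; }
    if [ -z "$secret" ] || [ "$secret" = "MY_SECRET" ]; then
        echo "OPENVIDU_SECRET is empty or a well-known default"; rc=1
    elif [ "${#secret}" -lt 16 ]; then
        echo "OPENVIDU_SECRET is shorter than 16 characters"; rc=1
    fi
    case $cert in
        selfsigned|owncert) ;;
        letsencrypt)  # the e-mail only matters for Let's Encrypt
            case $email in
                ""|user@example.com) echo "LETSENCRYPT_EMAIL must be a real address"; rc=1 ;;
            esac ;;
        *) echo "CERTIFICATE_TYPE must be selfsigned, owncert or letsencrypt"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files: one with placeholder values, one filled in.
bad_env=$(mktemp); good_env=$(mktemp)
printf '%s\n' 'DOMAIN_OR_PUBLIC_IP=' 'OPENVIDU_SECRET=MY_SECRET' \
    'CERTIFICATE_TYPE=letsencrypt' 'LETSENCRYPT_EMAIL=user@example.com' > "$bad_env"
printf '%s\n' 'DOMAIN_OR_PUBLIC_IP=video.example.org' \
    "OPENVIDU_SECRET=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')" \
    'CERTIFICATE_TYPE=owncert' 'LETSENCRYPT_EMAIL=' > "$good_env"
check_env "$bad_env" || true
check_env "$good_env" && echo "good_env: ok"
```
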
While the Docker images are running you may need to look at the kms logs. Use the following command:
```bash
# Follow the Docker logs in real time
docker logs --follow openvidu-kms-1
```
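2. Compile and install openvidu
2.1 Install Java
openvidu requires a JDK 11 runtime environment (see the installation documentation)
2.2 Download the source code from GitHub
```bash
git clone https://github.com/OpenVidu/openvidu.git
```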
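2.3 Compile
You can build the package locally and upload it to the server, or build it directly on the server.
```bash
cd openvidu
mvn clean install
# Create the output directory if it does not exist yet
mkdir -p ../openvidu-build
cp openvidu-server/target/openvidu-server-*.jar ../openvidu-build/openvidu-server.jar
```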
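2.4 Configure the SSL certificate
openvidu uses port 4443 by default. If SSL is not configured you will see a "connection lost" error. Convert the nginx certificate into a Java certificate:
```bash
# Bundle the nginx key and certificate chain into a PKCS#12 keystore (prompts for an export password)
openssl pkcs12 -export -out server.p12 -inkey server.key -in server_bundle.crt
cp server.p12 /www/openvidu-build/
```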
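3. Compile and install openvidu-call
openvidu-call is the official demo application; installing it from source makes it easier to modify.
3.1 Install Node
openvidu-call depends on a Node runtime environment; install it yourself.
3.2 Download the source code from GitHub
```bash
git clone https://github.com/OpenVidu/openvidu-call.git
cd openvidu-call
```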
3.3 Compile the front-end code
```bash
cd openvidu-call-front/
npm i
# This command compiles and packages the front-end code into ../openvidu-call-back-java/src/main/resources/statics
npm run prod:build-java ./
```
3.4 Compile the back-end code
```bash
# Run from the openvidu-call repository root
cd openvidu-call-back-java/
mvn clean install
```
4. Open ports on the server
**80 TCP**: if you select Let's Encrypt to generate an SSL certificate this port is used by the generation process.
**443 TCP**: OpenVidu server and application are published by default in standard https port.
**3478 TCP+UDP**: used by STUN/TURN server to resolve clients IPs.
**4443 TCP**: used by openvidu.
**40000 - 57000 TCP+UDP**: used by Kurento Media Server to establish media connections.
**57001 - 65535 TCP+UDP**: used by TURN server to establish relayed media connections.
5. Modify the nginx configuration file
If you commented out the nginx section in step 1 and use your own nginx installation, add a configuration file under nginx/conf/vhost and then restart nginx. Example configuration file: openvidu.conf
```nginx
# Your App
upstream yourapp {
    server 127.0.0.1:5000;
}
upstream openviduserver {
    server 127.0.0.1:4443;
}
server
{
    listen 80;
    listen 443 ssl http2;
    server_name DOMAIN_NAME;
    index index.php index.html index.htm default.php default.htm default.html;
    #SSL-START SSL-related configuration; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html;
    ssl_certificate /www/server/panel/vhost/cert/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/DOMAIN_NAME/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
    #SSL-END
    # Files or directories that must not be accessed
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    # Settings for the one-click SSL certificate validation directory
    location ~ \.well-known{
        allow all;
    }
    # Forbid placing sensitive files in the certificate validation directory
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }
    # Proxy
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Proto https;
    proxy_headers_hash_bucket_size 512;
    proxy_redirect off;
    # Websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # Your App
    location / {
        proxy_pass http://yourapp; # Openvidu call by default
    }
    ########################
    # OpenVidu Locations #
    ########################
    #################################
    # Common rules #
    #################################
    # Dashboard rule
    location /dashboard {
        allow all;
        deny all;
        proxy_pass http://openviduserver;
    }
    # Websocket rule
    location ~ /openvidu$ {
        proxy_pass https://openviduserver;
    }
    #################################
    # New API #
    #################################
    location /openvidu/layouts {
        rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
        root /opt/openvidu;
    }
    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
    location /openvidu/api {
        allow all;
        deny all;
        proxy_pass https://openviduserver;
    }
    location /openvidu/info {
        allow all;
        deny all;
        proxy_pass https://openviduserver;
    }
    location /openvidu/accept-certificate {
        proxy_pass https://openviduserver;
    }
    location /openvidu/cdr {
        allow all;
        deny all;
        proxy_pass https://openviduserver;
    }
    access_log /www/wwwlogs/DOMAIN_NAME.log;
    error_log /www/wwwlogs/DOMAIN_NAME.error.log;
}
```
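The following check is an added example, not part of the original post. It flags three settings found in a vhost like the one above: `deny all` placed after `allow all` (nginx applies the first matching access rule, so those locations stay reachable from every address), legacy `ssl_protocols` entries such as TLSv1.1, and 3DES cipher suites. `audit_vhost` and the embedded excerpt are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag weak settings in an nginx vhost such as openvidu.conf.
# audit_vhost is a hypothetical helper; the sample excerpt is constructed.

audit_vhost() {  # usage: audit_vhost FILE ; prints one finding per line
    awk '
    /^[ \t]*location[ \t]/ {            # remember which location we are in
        loc = $0
        sub(/^[ \t]*location[ \t]+/, "", loc)
        sub(/[ \t]*[{].*$/, "", loc)
        allow_all = 0
    }
    /^[ \t]*[}]/ { allow_all = 0 }
    /^[ \t]*allow[ \t]+all[ \t]*;/ { allow_all = 1 }
    # Access rules stop at the first match, so "deny all" after "allow all" is dead.
    /^[ \t]*deny[ \t]+all[ \t]*;/ { if (allow_all) print "OPEN_ACCESS " loc }
    /^[ \t]*ssl_protocols[ \t]/ {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") print "WEAK_PROTOCOL " p
        }
    }
    /^[ \t]*ssl_ciphers[ \t]/ {
        n = split($2, c, ":")
        for (i = 1; i <= n; i++) {
            sub(/;$/, "", c[i])          # entries starting with "!" are exclusions
            if (c[i] !~ /^!/ && c[i] ~ /(3DES|RC4|MD5|NULL|EXPORT)/) print "WEAK_CIPHER " c[i]
        }
    }' "$1"
}

# Constructed excerpt that mirrors directives of the sample vhost.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+AES128:EECDH+3DES:RSA+3DES:!MD5;
    location /openvidu/api {
        allow all;
        deny all;
        proxy_pass https://openviduserver;
    }
    location /openvidu/recordings {
        proxy_pass http://openviduserver;
    }
}
EOF
audit_vhost "$sample"
```

To actually restrict `/dashboard`, `/openvidu/api`, `/openvidu/info` and `/openvidu/cdr`, replace `allow all;` with the specific addresses that need access and keep `deny all;` after them; dropping TLSv1.1 and the 3DES entries clears the other two findings.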