From 08e3980b2492b353502c565b8c025f5731565d80 Mon Sep 17 00:00:00 2001 From: mom040267 Date: Fri, 12 Dec 2014 01:59:25 +0000 Subject: [PATCH] INSTALL updated --- INSTALL | 87 +++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 69 insertions(+), 18 deletions(-) diff --git a/INSTALL b/INSTALL index 5b9d0d08..6b6cdc23 100644 --- a/INSTALL +++ b/INSTALL 
@@ -150,7 +150,49 @@ NOTE: On most modern systems, the build will produce dynamically linked executables. If you want statically linked executables, you have to modify, accordingly, the Makefile.in template file. -IV. INSTALL +IV. OPENSSL + +If you are using the OpenSSL that is coming with your system, and you are +OK with it, then you do not have to read this chapter. If your system has +an outdated OpenSSL version, or if you need some very fresh OpenSSL features +that are not present in the current usual stable version, then you may have +to compile (and run) your TURN server with a different OpenSSL version. + +For example, if you need ALPN feature, or DTLS1.2, and your system comes with +OpenSSL 1.0.1, you will not be able to use those features unless you install +OpenSSL 1.0.2 and compile and run the TURN server with the newer version. + +The problem is, it is usually not safe to replace the system's OpenSSL with +a different version. Some systems are "bound" to its "native" OpenSSL +installations, and their behavior may become unpredictable with the newer +versions. + +So you want to preserve your system's OpenSSL but you want to compile and to +run the TURN server with newer OpenSSL version. There are different ways to +do that. We are suggesting the following: + + 1) Download the OpenSSL version from openssl.org. + 2) Let's assume that we want to install the "custom" OpenSSL into /opt. + Configure and build OpenSSL as: + $ ./config --prefix=/opt + $ make + $ make install + Those commands will install OpenSSL into /opt, with static libraries (no + dynamic libraries). + 3) Build the TURN server: + $ ./configure --prefix=/opt + $ make + Those commands will build the TURN server binaries, statically linked + against the newer OpenSSL. + 4) Then you can run the TURN server without setting the dynamic + libraries paths - because it has been linked statically against the newer + OpenSSL libraries. 
+ +One potential problem is that libevent2 is using the OpenSSL, too. So, ideally, +to be 100% safe of all potential discrepancies in the runtime, we'd suggesting +rebuilding libevent2 with the newer OpenSSL, too. + +V. INSTALL This step is optional. You can run the turnserver from the original build directory, successfully, without installing the TURN server into your system. @@ -206,7 +248,7 @@ but if you have some libraries in different non-default directories then you will have to add them manually to the search path, or you will have to adjust LD_LIBRARY_PATH. -V. PLATFORMS +VI. PLATFORMS The TURN Server is using generic *NIX system APIs and is supposed to be usable on wide range of *NIX systems. @@ -244,7 +286,7 @@ The code is compatible with C++ compiler, and a C++ compiler $ CC=g++ ./configure $ make -VII. WHICH EXTRA LIBRARIES AND UTILITIES YOU NEED +VIII. WHICH EXTRA LIBRARIES AND UTILITIES YOU NEED In addition to common *NIX OS services and libraries, to compile this code, OpenSSL (version 1.0.0a or better recommended) and libevent2 (version 2.0.5 @@ -443,7 +485,7 @@ that will set the installation prefix to /usr (without "--prefix=/usr" by default it would be installed to /usr/local). This is necessary if you want to overwrite your existing older OpenSSL installation. -VIII. BUILDING WITH NON-DEFAULT PREFIX DIRECTORY +IX. BUILDING WITH NON-DEFAULT PREFIX DIRECTORY Say, you have an older system with old openssl and old libevent library and you do not want to change that, but you still want @@ -482,7 +524,7 @@ by using $ ldconfig -m (BSD) $ crle -u -l (Solaris) -IX. TEST SCRIPTS +X. TEST SCRIPTS First of all, you can use the test vectors from RFC 5769 to double-check that the STUN/TURN message encoding algorithms work properly. Run the utility: 
@@ -564,15 +606,16 @@ and the peer. Check the README.* files and the comments in the scripts relay.sh and secure_relay.sh as a guidance how to run the TURN server. -X. OS X compilation notes +XI. OS X compilation notes OS X usually has an older version of openssl supplied, with some Apple additions. The the "native" openssl will work, within its limitations, but the best option is to install a good fresh openssl development library, from http://www.openssl.org. You will have -to handle the dynamic linking of the generated binaries. +to handle the dynamic linking of the generated binaries, or use the +static linking (see the section OPENSSL). -XI. MS Windows and Cygwin support +XII. MS Windows and Cygwin support Currently, this project cannot be compiled under MS Windows. @@ -585,7 +628,7 @@ libevent2 runtime and libevent-devel packages. "Manual" libevent2 compilation and installation in Cygwin is not recommended and does not garantee a good outcome. -XII. CLIENT API LIBRARY. +XIII. CLIENT API LIBRARY. The compilation process will create lib/ sub-directory with libturnclient.a library. The header files for this library are located in include/turn/client/ @@ -594,7 +637,7 @@ TurnMsgLib.h header. An example of C++ code can be found in stunclient.c file. This file is compiled as a C++ program if C++ compiler is used, and as a C program if C compiler is used. -XIII. DOCS +XIV. DOCS After installation, the man page turnserver(1) must be available. The man page is located in man/man1 subdirectory. If you want to see the man page without @@ -606,7 +649,7 @@ HTML-formatted client library functions reference is located in docs/html subdirectory of the original archive tree. After the installation, it will be placed in PREFIX/share/doc/turnserver/html. -XIV. SQLite setup +XV. SQLite setup The site http://www.sqlite.org site has excellent extensive documentation. 
@@ -778,7 +821,7 @@ Fill in users, for example: $ bin/turnadmin -A -b "/var/db/turndb" -u gorst -p hero $ bin/turnadmin -A -b "/var/db/turndb" -u ninefingers -p youhavetoberealistic -XV. PostgreSQL setup +XVI. PostgreSQL setup The site http://www.postgresql.org site has excellent extensive documentation. For a quick-start guide, you can take a look into this page: @@ -902,7 +945,7 @@ Fill in users, for example: $ bin/turnadmin -A -e "host=localhost dbname=coturn user=turn password=turn" -u gorst -p hero $ bin/turnadmin -A -e "host=localhost dbname=coturn user=turn password=turn" -u ninefingers -p youhavetoberealistic -XVI. MySQL (MariaDB) setup +XVII. MySQL (MariaDB) setup The MySQL setup is similar to PostgreSQL (same idea), and is well documented on their site http://www.mysql.org. The TURN Server database schema is the @@ -985,7 +1028,7 @@ ca, capath, cert, key, cipher (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the command options description). -XVII. MongoDB setup +XVIII. MongoDB setup The MongoDB setup is well documented on their site http://docs.mongodb.org/manual/. @@ -1017,7 +1060,7 @@ explanations for the Postgres, for example. See the file testmongosetup.sh for the database structure examples. -XVIII. Redis setup +XIX. Redis setup The Redis setup is well documented on their site http://redis.io. The TURN Server Redis database schema description can be found 
@@ -1088,20 +1131,20 @@ Redis TURN admin commands: See the file testredisdbsetup.sh for the data structure examples. -XIX. Performance tuning +XX. Performance tuning This topic is covered in the wiki page: http://code.google.com/p/coturn/wiki/turn_performance_and_load_balance -XX. TURN Server setup +XXI. TURN Server setup Read the project wiki pages: http://code.google.com/p/coturn/w/list Also, check the project from page links to the TURN/WebRTC configuration examples. It may give you an idea how it can be done. -XXI. Management interface +XXII. Management interface You have a telnet interface (enabled by default) to access the turnserver process, to view its state, to gather some statistical information, and to make some changes @@ -1117,3 +1160,11 @@ or ::1). The CLI may have a password configured, but that password is transferred over the network unencrypted, too. So sticking to the local system CLI access, and accessing the turnserver system terminal with ssh only, would be a wise decision. + +XXIII. ALPN support. + +Starting with version 4.3.2.1, the TURN server supports the ALPN STUN +specifications (http://tools.ietf.org/html/draft-ietf-tram-alpn-08). +If the ALPN functionality is needed, then OpenSSL version 1.0.2 or +newer has to be used. See OPENSSL section for the OpenSSL upgrade hints. + \ No newline at end of file
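Review bot: In the new "IV. OPENSSL" section (hunk @@ -150,7 +150,49), steps 3 and 4 omit the maintenance cost of static linking: a turnserver binary linked statically against the OpenSSL in /opt does not pick up the system's OpenSSL security updates, so every OpenSSL fix means rebuilding both the /opt OpenSSL and the TURN server. Suggest stating that after step 4 and adding a verification step, for example running ldd on the built turnserver binary and confirming that no libssl or libcrypto is listed. Step 3 also does not explain how "$ ./configure --prefix=/opt" finds the OpenSSL headers and libraries in /opt ahead of the system ones; one sentence on that, or a pointer to the section "BUILDING WITH NON-DEFAULT PREFIX DIRECTORY", would close the gap. The libevent2 paragraph names the risk of mixing OpenSSL versions at runtime but gives no steps for the rebuild it recommends. Wording in the added lines: "bound" to its "native" should read "their", and "we'd suggesting rebuilding" should read "we suggest rebuilding".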
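Review bot: The renumbering in hunks @@ -206,7 +248,7 and @@ -244,7 +286,7 leaves the sequence inconsistent: "V. PLATFORMS" becomes "VI. PLATFORMS" and "VII. WHICH EXTRA LIBRARIES AND UTILITIES YOU NEED" becomes "VIII.", but no hunk renumbers a section VI to VII. If the file has a section VI between those two headings (the context line about the C++ compiler in the second hunk suggests there is one), it now shares its number with PLATFORMS and needs to become VII; otherwise the numbering skips VII.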
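Review bot: The added "XXIII. ALPN support." section at the end of the last hunk (@@ -1117,3 +1160,11) finishes with an empty added line followed by "\ No newline at end of file"; drop the trailing blank line and end the file with a newline. The cross-reference "See OPENSSL section" works, but citing it as "section IV (OPENSSL)" would match how the rest of the file is organized, and the OS X hunk's "(see the section OPENSSL)" should use the same form. The heading also carries a trailing period that most of the renumbered headings in this patch do not have.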