From 7ebac2e092206e50aa929f07a5307fd955f812da Mon Sep 17 00:00:00 2001
From: acgist <289547414@qq.com>
Date: Fri, 18 Nov 2022 08:26:33 +0800
Subject: [PATCH] [*]

---
 README.md                                     |  5 --
 docs/DEPLOY.md                                | 78 +++++++++++++++++++
 docs/assembly/test.xml                        | 58 --------------
 docs/bin/deploy.sh                            |  5 +-
 docs/bin/taoyao.service                       | 17 ++++
 pom.xml                                       | 32 --------
 .../boot/config/OpenApiAutoConfiguration.java | 30 ++++++-
 .../taoyao/boot/config/WebrtcProperties.java  | 10 +++
 .../src/main/resources/application-test.yml   |  3 -
 .../src/main/resources/application.yml        | 14 ++++
 10 files changed, 151 insertions(+), 101 deletions(-)
 create mode 100644 docs/DEPLOY.md
 delete mode 100644 docs/assembly/test.xml
 create mode 100644 docs/bin/taoyao.service
 delete mode 100644 taoyao-server/src/main/resources/application-test.yml

diff --git a/README.md b/README.md
index 261a3a5..2693412 100644
--- a/README.md
+++ b/README.md
@@ -71,8 +71,3 @@ MCU/SFU声音视频控制在服务端实现，如果没有终端订阅并且没
 
 终端推流到服务端，由服务端分流没有混音。
 
-## 证书
-
-```
-keytool -genkeypair -keyalg RSA -dname "CN=localhost, OU=acgist, O=taoyao, L=GZ, ST=GD, C=CN" -alias taoyao -validity 3650 -ext ku:c=dig,keyE -ext eku=serverAuth -ext SAN=dns:localhost,ip:127.0.0.1 -keystore taoyao.jks -keypass 123456 -storepass 123456
-```
diff --git a/docs/DEPLOY.md b/docs/DEPLOY.md
new file mode 100644
index 0000000..4a93f10
--- /dev/null
+++ b/docs/DEPLOY.md
@@ -0,0 +1,78 @@
+# 部署
+
+## 源
+
+```
+cd /etc/yum.repos.d
+rm -rf *
+wget /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
+yum makecache
+```
+
+## 证书
+
+```
+keytool -genkeypair -keyalg RSA -dname "CN=localhost, OU=acgist, O=taoyao, L=GZ, ST=GD, C=CN" -alias taoyao -validity 3650 -ext ku:c=dig,keyE -ext eku=serverAuth -ext SAN=dns:localhost,ip:127.0.0.1 -keystore taoyao.jks -keypass 123456 -storepass 123456
+```
+
+## Linux句柄数量
+
+```
+vim /etc/security/limits.conf
+
+root soft nofile 655350
+root hard nofile 655350
+* soft nofile 655350
+* hard nofile 655350
+* soft nproc 655350
+* hard nproc 655350
+* soft core unlimited
+* hard core unlimited
+```
+
+## Linux内核优化
+
+```
+vim /etc/sysctl.conf
+
+net.ipv4.tcp_tw_reuse        = 1
+net.ipv4.tcp_tw_recycle      = 1
+net.ipv4.tcp_syncookies      = 1
+net.ipv4.tcp_fin_timeout     = 30
+net.ipv4.tcp_max_tw_buckets  = 8192
+net.ipv4.tcp_max_syn_backlog = 8192
+
+# 其他
+net.core.rmem_max
+net.core.rmem_default
+net.core.wmem_max
+net.core.wmem_default
+net.core.somaxconn           = 1024
+net.core.netdev_max_backlog  = 8092
+net.ipv4.udp_mem
+net.ipv4.udp_rmem
+net.ipv4.udp_wmem
+net.ipv4.tcp_mem             = 78643200 104857600 157286400
+net.ipv4.tcp_rmem            = 873200 1746400 3492800
+net.ipv4.tcp_wmem            = 873200 1746400 3492800
+
+sysctl -p
+```
+
+## 应用
+
+```
+```
+
+## 防火墙
+
+```
+firewall-cmd --zone=public --add-port=8888/tcp --permanent
+firewall-cmd --zone=public --add-port=45535-65535/tcp --permanent
+firewall-cmd --zone=public --add-port=45535-65535/udp --permanent
+
+firewall-cmd --reload
+firewall-cmd --list-ports
+firewall-cmd --zone=public --remove-port=45535-65535/tcp --permanent
+firewall-cmd --zone=public --remove-port=45535-65535/udp --permanent
+```
\ No newline at end of file
diff --git a/docs/assembly/test.xml b/docs/assembly/test.xml
deleted file mode 100644
index 61689d0..0000000
--- a/docs/assembly/test.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">
-
-	<id>test</id>
-
-	<formats>
-		<format>dir</format>
-	</formats>
-
-	<includeBaseDirectory>false</includeBaseDirectory>
-
-	<fileSets>
-		<fileSet>
-			<directory>${taoyao.maven.basedir}/docs</directory>
-			<outputDirectory>./</outputDirectory>
-			<includes>
-				<include>README.md</include>
-			</includes>
-		</fileSet>
-		<fileSet>
-			<directory>${taoyao.maven.basedir}/docs/bin</directory>
-			<outputDirectory>bin</outputDirectory>
-			<fileMode>0755</fileMode>
-			<filtered>true</filtered>
-		</fileSet>
-		<fileSet>
-			<directory>src/main/resources</directory>
-			<outputDirectory>config</outputDirectory>
-			<filtered>true</filtered>
-			<includes>
-				<include>*.yml</include>
-				<include>*.properties</include>
-			</includes>
-		</fileSet>
-		<fileSet>
-			<directory>src/main/resources</directory>
-			<outputDirectory>config</outputDirectory>
-			<includes>
-				<include>*.jks</include>
-			</includes>
-		</fileSet>
-		<fileSet>
-			<directory>target</directory>
-			<outputDirectory>logs</outputDirectory>
-			<excludes>
-				<exclude>**/*</exclude>
-			</excludes>
-		</fileSet>
-	</fileSets>
-
-	<dependencySets>
-		<dependencySet>
-			<outputDirectory>lib</outputDirectory>
-		</dependencySet>
-	</dependencySets>
-
-</assembly>
diff --git a/docs/bin/deploy.sh b/docs/bin/deploy.sh
index 12d42a3..80be3ee 100644
--- a/docs/bin/deploy.sh
+++ b/docs/bin/deploy.sh
@@ -31,5 +31,6 @@ fi
 cp -rf ${project.basedir}/target/${project.artifactId}-${project.version}/* $base/../deploy/${project.artifactId}
 
 # 启动服务
-cd $base/../deploy/${project.artifactId}
-sh bin/startup.sh
+#cd $base/../deploy/${project.artifactId}
+#sh bin/startup.sh
+systemctl restart taoyao
diff --git a/docs/bin/taoyao.service b/docs/bin/taoyao.service
new file mode 100644
index 0000000..f446872
--- /dev/null
+++ b/docs/bin/taoyao.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=桃夭
+After=network.target
+Wants=network.target
+
+[Service]
+User=root
+Type=forking
+KillMode=process
+ExecStart=/data/taoyao/bin/startup.sh
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -QUIT $MAINPID
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pom.xml b/pom.xml
index f3da863..d441bff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -383,38 +383,6 @@
 				</dependencies>
 			</dependencyManagement>
 		</profile>
-		<profile>
-			<id>test</id>
-			<properties>
-				<profile>test</profile>
-				<javacv.os.version>linux-x86_64</javacv.os.version>
-				<taoyao.maven.jvm.arg></taoyao.maven.jvm.arg>
-				<taoyao.maven.jvm.mem>-Xms512M -Xmx1024M -XX:NewRatio=1 -XX:SurvivorRatio=2</taoyao.maven.jvm.mem>
-			</properties>
-			<build>
-				<plugins>
-					<plugin>
-						<groupId>org.apache.maven.plugins</groupId>
-						<artifactId>maven-assembly-plugin</artifactId>
-						<configuration>
-							<descriptors>
-								<descriptor>${taoyao.maven.basedir}/docs/assembly/test.xml</descriptor>
-							</descriptors>
-						</configuration>
-					</plugin>
-				</plugins>
-			</build>
-			<dependencyManagement>
-				<dependencies>
-					<dependency>
-						<groupId>org.springdoc</groupId>
-						<artifactId>springdoc-openapi-ui</artifactId>
-						<version>${springdoc.version}</version>
-						<scope>provided</scope>
-					</dependency>
-				</dependencies>
-			</dependencyManagement>
-		</profile>
 		<profile>
 			<id>release</id>
 			<properties>
diff --git a/taoyao-boot/src/main/java/com/acgist/taoyao/boot/config/OpenApiAutoConfiguration.java b/taoyao-boot/src/main/java/com/acgist/taoyao/boot/config/OpenApiAutoConfiguration.java
index 2de9c28..bd52a07 100644
--- a/taoyao-boot/src/main/java/com/acgist/taoyao/boot/config/OpenApiAutoConfiguration.java
+++ b/taoyao-boot/src/main/java/com/acgist/taoyao/boot/config/OpenApiAutoConfiguration.java
@@ -1,9 +1,12 @@
 package com.acgist.taoyao.boot.config;
 
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.util.List;
 
 import org.springdoc.core.GroupedOpenApi;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
@@ -17,17 +20,22 @@ import io.swagger.v3.oas.models.info.Info;
 import io.swagger.v3.oas.models.info.License;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
+import io.swagger.v3.oas.models.servers.Server;
+import lombok.extern.slf4j.Slf4j;
 
 /**
  * 文档配置
  * 
  * @author acgist
  */
+@Slf4j
 @Profile("dev")
 @Configuration
 @ConditionalOnClass(OpenAPI.class)
 public class OpenApiAutoConfiguration {
 
+	@Value("${server.port:8888}")
+	private Integer port;
 	@Autowired
 	private TaoyaoProperties taoyaoProperties;
 
@@ -63,6 +71,7 @@ public class OpenApiAutoConfiguration {
 	public OpenAPI openAPI() {
 		return new OpenAPI()
 			.info(this.buildInfo())
+			.servers(this.buildServers())
 			.security(this.buildSecurity())
 			.components(this.buildComponents());
 	}
@@ -97,11 +106,30 @@ public class OpenApiAutoConfiguration {
 			.url("https://www.apache.org/licenses/LICENSE-2.0.html");
 	}
 
+	/**
+	 * @return 服务器的信息
+	 */
+	private List<Server> buildServers() {
+		try {
+			return List.of(
+				new Server()
+				.url(String.format("https://%s:%d", InetAddress.getLocalHost().getHostAddress(), this.port))
+				.description(this.taoyaoProperties.getDescription())
+			);
+		} catch (UnknownHostException e) {
+			log.error("获取服务器的信息异常", e);
+		}
+		return List.of();
+	}
+	
 	/**
 	 * @return 授权
 	 */
 	private List<SecurityRequirement> buildSecurity() {
-		return List.of(new SecurityRequirement().addList(SecurityProperties.BASIC));
+		return List.of(
+			new SecurityRequirement()
+			.addList(SecurityProperties.BASIC)
+		);
 	}
 	
 	/**
diff --git a/taoyao-boot/src/main/java/com/acgist/taoyao/boot/config/WebrtcProperties.java b/taoyao-boot/src/main/java/com/acgist/taoyao/boot/config/WebrtcProperties.java
index 806b565..6f49d34 100644
--- a/taoyao-boot/src/main/java/com/acgist/taoyao/boot/config/WebrtcProperties.java
+++ b/taoyao-boot/src/main/java/com/acgist/taoyao/boot/config/WebrtcProperties.java
@@ -97,6 +97,16 @@ public class WebrtcProperties {
 	 */
 	@Schema(title = "信令地址", description = "信令地址")
 	private String websocket;
+	/**
+	 * 媒体最小端口
+	 */
+	@Schema(title = "媒体最小端口", description = "媒体最小端口")
+	private Integer minPort;
+	/**
+	 * 媒体最大端口
+	 */
+	@Schema(title = "媒体最大端口", description = "媒体最大端口")
+	private Integer maxPort;
 	
 	/**
 	 * 完整信令地址
diff --git a/taoyao-server/src/main/resources/application-test.yml b/taoyao-server/src/main/resources/application-test.yml
deleted file mode 100644
index 62fcb53..0000000
--- a/taoyao-server/src/main/resources/application-test.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-taoyao:
-  security:
-    permit: /favicon.ico,/error
diff --git a/taoyao-server/src/main/resources/application.yml b/taoyao-server/src/main/resources/application.yml
index 3948293..c384cee 100644
--- a/taoyao-server/src/main/resources/application.yml
+++ b/taoyao-server/src/main/resources/application.yml
@@ -2,6 +2,7 @@ server:
   port: 8888
   http2:
     enabled: true
+  # 如果Nginx代理可以不用配置SSL提升性能
   ssl:
     key-alias: taoyao
     key-store: classpath:taoyao.jks
@@ -16,6 +17,8 @@ server:
       port-header: X-Forwarded-Port
       protocol-header: X-Forwarded-Proto
       remote-ip-header: X-Forwarded-For
+# servlet:
+#   context-path: /taoyao
 spring:
   profiles:
     active: dev
@@ -53,6 +56,7 @@ taoyao:
   id:
     sn: 0
     max-index: 999999
+  # 媒体配置
   media:
     audio:
       format: OPUS
@@ -64,6 +68,7 @@ taoyao:
       framerate: 24
       resolution: 1280*760
     quality: high|standard|quick
+  # WebRTC配置
   webrtc:
     model: SFU
     framework: JITSI
@@ -74,10 +79,19 @@ taoyao:
       - stun:stun4.l.google.com:19302
       - stun:stun.stunprotocol.org:3478
     turn:
+      - stun:stun1.l.google.com:19302
+      - stun:stun2.l.google.com:19302
+      - stun:stun3.l.google.com:19302
+      - stun:stun4.l.google.com:19302
+      - stun:stun.stunprotocol.org:3478
+    # 信令服务配置
     host: localhost
     port: ${server.port:8888}
     schema: wss
     websocket: /websocket.signal
+    # 媒体端口范围
+    min-port: 45535
+    max-port: 65535
   record:
     storage: /data/record
   security: