参考这位大佬的文章https://blog.csdn.net/jia2719/article/details/87345724

同时结合部署过程中遇到的一些问题，总结出下面的部署流程，用到的CentOS7的版本是

CentOS-7-x86_64-DVD-2009

#安装必要插件
yum install -y epel-release && \
yum update -y && \
yum install -y deltarpm && \
yum install -y openssh-server sudo which file curl zip unzip wget && \
yum install -y libmicrohttpd-devel jansson-devel libnice-devel glib22-devel opus-devel libogg-devel pkgconfig  gengetopt libtool autoconf automake make gcc gcc-c++ git cmake libconfig-devel openssl-devel

#安装 libsrtp 1.5.4
wget https://github.com/cisco/libsrtp/archive/v1.5.4.tar.gz
tar xfv v1.5.4.tar.gz
cd libsrtp-1.5.4
./configure --prefix=/usr --enable-openssl
make shared_library && sudo make install

#安装 libsrtp 2.0.0
wget https://github.com/cisco/libsrtp/archive/v2.0.0.tar.gz
tar xfv v2.0.0.tar.gz
cd libsrtp-2.0.0
./configure --prefix=/usr --enable-openssl
make shared_library && sudo make install

#安装 sofia-sip
wget https://sourceforge.net/projects/sofia-sip/files/sofia-sip/1.12.11/sofia-sip-1.12.11.tar.gz
tar zxf sofia-sip-1.12.11.tar.gz && cd sofia-sip-1.12.11 && ./configure --prefix=/usr CFLAGS=-fno-aggressive-loop-optimizations && make && make install

#安装 usrsctp
git clone https://github.com/sctplab/usrsctp && cd usrsctp && \
./bootstrap && \
./configure --prefix=/usr && make && make install#如果git clone报超时或者其他错误，试试看clone的地址前面加上 https://ghproxy.com/
#即执行git clone https://ghproxy.com/https://github.com/sctplab/usrsctp

#安装 libwebsocket
git clone https://github.com/warmcat/libwebsockets && \
mkdir libwebsockets/build && cd libwebsockets/build && \
cmake -DMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_C_FLAGS="-fpic" .. && \
make && make install

#升级gcc版本到7，不然后面可能会报错
sudo yum install -y centos-release-scl
sudo yum install -y scl-utils-build
sudo yum install -y devtoolset-7-gcc*
sudo yum install -y devtoolset-7-gdb*scl enable devtoolset-7 bash
gcc --version

#安装ice库
yum install meson
git clone https://gitee.com/mirrors/libnice
cd libnice
meson --prefix=/usr build && ninja -C build && sudo ninja -C build install

#下面安装libmicrohttpd用于janus提供http服务，不装的话，janus配置文件里面会没有janus.transport.http.jcfg这个配置
wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.tar.gz
tar zxvf nettle-3.4.tar.gz
cd nettle-3.4
./configure --prefix=/usr/
make
make check #测试一下
make installwget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.9.tar.xz
tar xvf gnutls-3.5.9.tar.xz
cd gnutls-3.5.9
PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig
./configure --with-included-libtasn1 --with-included-unistring --without-p11-kit
sudo make && sudo make installwget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.71.tar.gz
tar zxf libmicrohttpd-0.9.71.tar.gz
cd libmicrohttpd-0.9.71/
./configure --with-ssl  --enable-https=yes
make && sudo make install
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig

#安装nginx
yum install nginx
#启动nginx
systemctl start nginx.service#生成https证书,安装认证要填写一些信息，直接都回车就行了
mkdir /etc/nginx/ssl
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

#配置nginx
vi /etc/nginx/conf.d/default.conf
#然后重启nginx#default.conf的内容为
server {listen       80;listen  *:443  ssl;server_name  localhost;location / {root /opt/janus/share/janus/demos;index index.html index.htm index.php;}error_page   500 502 503 504  /50x.html;location = /50x.html {root   /usr/share/nginx/html;}ssl_certificate /etc/nginx/ssl/nginx.crt; #就是上面https证书的位置ssl_certificate_key /etc/nginx/ssl/nginx.key;#就是上面https证书的位置
}

#最后安装janus
#Janus
#if cannot configure plugin sofia,Perhaps you should add the directory containing `sofia-sip-ua.pc' to the PKG_CONFIG_PATH environment variable,
#for example centos7 :export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfigexport PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/lib/pkgconfig
#if cannot load libsofia-sip-ua.so.0 , try ldconfig -v
git clone https://github.com/meetecho/janus-gateway.git && \
cd janus-gateway &&\
sh autogen.sh && \
./configure --prefix=/opt/janus --disable-rabbitmq --disable-docs --disable-libsrtp2  &&\
make && make install && make configs#然后执行下面两条指令 （这步应该是必须的）
ldconfig
export LD_LIBRARY_PATH=/usr/local/lib

#修改janus里的配置
cd /opt/janus/etc/janus
#主要修改这几个配置文件
#janus.jcfg
#janus.transport.http.jcfg
#janus.transport.websockets.jcfg#修改的内容为#janus.jcfg
certificates: {cert_pem = "/etc/nginx/ssl/nginx.crt"cert_key = "/etc/nginx/ssl/nginx.key"#cert_pwd = "secretpassphrase"#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}#janus.transport.http.jcfg
general: {#events = true                                  # Whether to notify event handlers about transport events (default=true)json = "indented"                               # Whether the JSON messages should be indented (default),base_path = "/janus"                    # Base path to bind to in the web server (plain HTTP only)http = true                                             # Whether to enable the plain HTTP interfaceport = 8088                                             # Web server HTTP port#interface = "eth0"                             # Whether we should bind this server to a specific interface only#ip = "192.168.0.1"                             # Whether we should bind this server to a specific IP address (v4 or v6) onlyhttps = true                                    # Whether to enable HTTPS (default=false)secure_port = 8089                              # Web server HTTPS port, if enabled#secure_interface = "eth0"              # Whether we should bind this server to a specific interface only#secure_ip = "192.168.0.1"              # Whether we should bind this server to a specific IP address (v4 or v6) only#acl = "127.,192.168.0."                # Only allow requests coming from this comma separated list of addresses#mhd_connection_limit = 1020            # Open connections limit in libmicrohttpd (default=1020)#mhd_debug = false                                      # Ask libmicrohttpd to write warning and error messages to stderr (default=false)
}admin: {admin_base_path = "/admin"                      # Base path to bind to in the admin/monitor web server (plain HTTP only)admin_http = true                                       # Whether to enable the plain HTTP interfaceadmin_port = 7088                                       # Admin/monitor web server HTTP port#admin_interface = "eth0"                       # Whether we should bind this server to a specific interface only#admin_ip = "192.168.0.1"                       # Whether we should bind this server to a specific IP address (v4 or v6) onlyadmin_https = true                                      # Whether to enable HTTPS (default=false)admin_secure_port = 7889                        # Admin/monitor web server HTTPS port, if enabled#admin_secure_interface = "eth0"        # Whether we should bind this server to a specific interface only#admin_secure_ip = "192.168.0.1"        # Whether we should bind this server to a specific IP address (v4 or v6) only#admin_acl = "127.,192.168.0."          # Only allow requests coming from this comma separated list of addresses
}certificates: {cert_pem = "/etc/nginx/ssl/nginx.crt"cert_key = "/etc/nginx/ssl/nginx.key"#cert_pwd = "secretpassphrase"#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}#janus.transport.websockets.jcfg
general: {#events = true                                  # Whether to notify event handlers about transport events (default=true)json = "indented"                               # Whether the JSON messages should be indented (default),#pingpong_trigger = 30                  # After how many seconds of idle, a PING should be sent#pingpong_timeout = 10                  # After how many seconds of not getting a PONG, a timeout should be detectedws = true                               ws_port = 8188                                  # WebSockets server port#ws_interface = "eth0"                  # Whether we should bind this server to a specific interface only#ws_ip = "192.168.0.1"                  # Whether we should bind this server to a specific IP address only#ws_unix = "/run/ws.sock"               # Use WebSocket server over UNIX socket instead of TCPwss = true                                              # Whether to enable secure WebSocketswss_port = 8989                         # WebSockets server secure port, if enabled#wss_interface = "eth0"                 # Whether we should bind this server to a specific interface only#wss_ip = "192.168.0.1"                 # Whether we should bind this server to a specific IP address only#wss_unix = "/run/wss.sock"             # Use WebSocket server over UNIX socket instead of TCP#ws_logging = "err,warn"                # libwebsockets debugging level as a comma separated list of things#ws_acl = "127.,192.168.0."             # Only allow requests coming from this comma separated list of addresses
}admin: {admin_ws = false                                        # Whether to enable the Admin API WebSockets APIadmin_ws_port = 7188                            # Admin API WebSockets server port, if enabled#admin_ws_interface = "eth0"            # Whether we should bind this server to a specific interface only#admin_ws_ip = "192.168.0.1"            # Whether we should bind this server to a specific IP address only#admin_ws_unix = "/run/aws.sock"        # Use WebSocket server over UNIX socket instead of TCPadmin_wss = true                                        # Whether to enable the Admin API secure WebSocketsadmin_wss_port = 7989                           # Admin API WebSockets server secure port, if enabled#admin_wss_interface = "eth0"           # Whether we should bind this server to a specific interface only#admin_wss_ip = "192.168.0.1"           # Whether we should bind this server to a specific IP address only#admin_wss_unix = "/run/awss.sock"      # Use WebSocket server over UNIX socket instead of TCP#admin_ws_acl = "127.,192.168.0."       # Only allow requests coming from this comma separated list of addresses
}certificates: {cert_pem = "/etc/nginx/ssl/nginx.crt"cert_key = "/etc/nginx/ssl/nginx.key"#cert_pwd = "secretpassphrase"#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}#修改前端页面的配置,把请求方式改成websocket的，如果是用原来https请求的话，要重新调整过nginx的配置，不然会阻塞超时,页面中会报net::ERR_INCOMPLETE_CHUNKED_ENCODING 200 (OK)这个错
cd /opt/janus/share/janus/demos
vi setting.js
var server = "wss://" + window.location.hostname + ":8989/janus";

#针对上面https交互的问题，nginx配置需要做如下调整 增加 location /janus   location /admin   和   location ~ \.() 三个配置
#然后重启nginxserver {listen       80;listen  *:443  ssl;server_name  localhost;location / {root /opt/janus/share/janus/demos;index index.html index.htm index.php;}location /janus {proxy_set_header Host $host:$server_port;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_pass http://your_ip:8088/janus; #要正确填写你服务器的ip地址}location /admin {proxy_set_header Host $host:$server_port;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_pass http://your_ip:7088/admin; #要正确填写你服务器的ip地址}location ~ \.(bmp|gif|jpg|png|css|js|cur|flv|ico|swf|doc|pdf|html)$ {root /opt/janus/share/janus/demos;expires 1d;}error_page   500 502 503 504  /50x.html;location = /50x.html {root   /usr/share/nginx/html;}ssl_certificate /etc/nginx/ssl/nginx.crt;ssl_certificate_key /etc/nginx/ssl/nginx.key;
}#然后修改setting.js中server的值。
#var server = "/janus";#这样就可以正常通过https交互访问了，如果页面还报一个502Bad Way的问题，同时nginx里面报了一个connect() to ip:8088 failed (13: Permission denied) while connecting to upstream的错，原因是SELinux限制了nginx对外访问的权限，执行下面操作#查网络访问的配置
getsebool -a | grep httpd_can_network_connect
#如果出现如下结果
#httpd_can_network_connect --> off
#则执行如下命令取消限制：
#SELinux命令，临时配置，重启后失效
setsebool httpd_can_network_connect=1
#写入配置文件的命令，重启后保留，推荐这种方式
setsebool -P httpd_can_network_connect 1

#最后到/opt/janus/bin 下启动janus，如果看到刚刚配置的几个端口成功启动了那就说明可以了，以上的配置可能并不是都要改，主要就是websocket配置那个wss = false改为true， 启用8989那个端口和http配置的https = false 改为true，启用8089端口 。同时涉及到certificates这个配置应该是一定要改的。
#页面访问 https://your_ip/index.html./janus