Galène videoconference server

Galène is a videoconference server (an “SFU”) that is easy to deploy and that requires very moderate server resources. It was originally designed for lectures, conferences and student tutorials, but it is also useful for traditional meetings. Galène has been used in production at two major universities (Université de Paris and Sorbonne Université) for lectures, practicals, seminars, and for staff meetings. It has been used to host a number of conferences (including SOCS'2020, JFLA'2021 and LibrePlanet 2024).

Galène's server side is implemented in Go, and uses the Pion implementation of WebRTC. The server is portable: it is tested on Linux/amd64 and Linux/arm64, and also runs on Linux/armv7, Linux/mips (OpenWRT), Mac OS X, and Windows. The default client is implemented in Javascript, and works on recent versions of all major web browsers, both on desktop and mobile (but see the FAQ for caveats with specific browsers).

While traffic is encrypted and authenticated from sender to server and again from server to receiver, Galène does not perform end-to-end encryption: anyone who controls the server might, in principle, be able to access the data being exchanged. For best privacy, you should install your own server (either manually or through Yunohost).

Galène's is not the only self-hosted WebRTC server. High-quality alternatives include Janus and Jitsi.

Galène is free and open source software, subject to the MIT licence. Galène's development was previously supported by Nexedi, and is currently being supported by NLNet's NGI0Core program.

Demo

Go to https://galene.org:8443 and choose public. You may log in with an empty password. If you need a slightly more private group, type public/whatever in the dialog box, for whatever value of whatever.

In order to invite other users, click on your username in the left pane and choose Invite user.

Source code

git clone https://github.com/jech/galene

Quick installation

git clone https://github.com/jech/galene cd galene CGO_ENABLED=0 go build -ldflags='-s -w' mkdir groups echo '{"users": {"bob":{"password":"secret", "permissions":"op"}}}' > groups/example.json ./galene &

Point your browser at https:/localhost:8443/group/example/, ignore the unknown certificate warning, and log in with username bob and password secret.

Documentation

Mailing list

Mailing list archives, Atom feed.

Please subscribe to the galene at lists.galene.org mailing list. This list is both for user questions and development of Galène.

Installation

Get the source code by doing

git clone https://github.com/jech/galene
then check the included INSTALL file.

Community-provided packages

These packages are provided by users, and have not necessarily been verified by Galène's author.

Related software

Specialised clients

Authentication services

Alternate frontends and management software

Features

Server features

The server is complete:

Client features

Default Javascript client

The web browser frontend is functional:

A number of features are currently only available as commands to be typed in the chat window (type /help for help).

Native Android client

There is an audio-only native Android client for Galene. The web client is usually a better choice, but the native client supports screensharing, which is not possible in a mobile browser. The client is expected to work on all devices running Android 6 or later.

Server robustness and scalability

For a typical lecture (100 students), Galène needs roughly 1/4 of a CPU core.

For one-to-many communication (lectures), the behaviour is linear, and Galène should be able to serve about 300 participants per core. For many-to-many communication (meetings), the behaviour is quadratic (the server load grows as the square of the number of participants), expect to be able to handle on the order of 20 participants in a single meeting on one core, 40 on four cores (and of course way more if some participants don't switch their camera on — we've had staff meetings with forty participants or so, but only a few had their cameras switched on at a given time).

The failure mode is reasonable: when the server is overloaded, the videos freeze. The server recovers as soon as people start switching their cameras off.

Security model

Galène assumes that the server is trusted: all media is decrypted by the server and reencrypted before it is sent to the clients. This is, as far as I know, unavoidable with DTLS-SRTP, the security mechanism used by WebRTC (yes, I know about insertable streams). On the other hand, since the client is not trusted, any bugs in the client code should in principle not create security issues. Thus, it is reasonable to build user-friendly clients using the unscrutable Javascript frameworks that web developers tend to like.

Be aware however that I am neither a security specialist nor a competent system administrator, and I may have gotten something wrong.

Common questions and known issues

Frequently Asked Questions.