Galène videoconferencing server

Galène is a videoconferencing server that is easy to deploy (just copy a few files and run the binary) and that requires moderate server resources. It was originally designed for lectures and conferences (where a single speaker streams audio and video to hundreds or thousands of users), but later evolved to be useful for student practicals (where users are divided into many small groups), and meetings (where a few dozen users interact with each other).

Galène's server side is implemented in Go, and uses the Pion implementation of WebRTC. The server is regularly tested on Linux/amd64 and Linux/arm64, and has been reported to run on Windows; it should in principle be portable to other systems, including Mac OS X. The client is implemented in Javascript, and works on recent versions of all major web browsers, both on desktop and mobile (but see below for caveats with specific browsers).

While traffic is encrypted from sender to server and from server to client, Galène does not perform end-to-end encryption: anyone who controls the server might, in principle, be able to access the data being exchanged. For best security, you should install your own server.

Galène's is not the only self-hosted WebRTC server. Alternatives include Janus, Ion-SFU, and Jitsi.

Galène is free and open source software, subject to the MIT licence. Galène's development is supported by Nexedi, who fund Alain Takoudjou's work on the user interface.

Public server

You are welcome to check out our videoconferencing server. The group called Public doesn't require a password. This server is used in production, please don't overload it.

Source code

git clone https://github.com/jech/galene

Documentation

• README, installation and usage instructions;
• README.PROTOCOL, Galène's protocol;
• README.FRONTEND, writing new frontends;
• Galene's API, autogenerated documentation of the Javascript API;
• frequently asked questions.

Mailing list

Mailing list archives, Atom feed.

Pleae subscribe to the galene at lists.galene.org mailing list. This list is both for user questions and development of Galène.

Installation

Get the source code by doing

Features

Server features

The server is reasonably complete:

• redistribution of arbitrary numbers of audio and video streams;
• recording to disk;
• NACK-based loss recovery, in both the client → server and server → client directions;
• PLI-based repair;
• automatic restarting of failed flows (on ICE failure);
• congestion control in the server → client direction (both loss-based and using REMB indications);
• congestion control in the client → server direction (loss-based, partial REMB support);
• congestion control when the server is short on CPU;
• dynamic tuning of buffer sizes depending on the clients' RTT;
• hashed passwords.

The following server features are planned but haven't been implemented yet:

• a proper administrative interface (currently, administering the server requires manually editing configuration files);
• complete REMB-based congestion control in the client → server direction (more accurate reaction to congestion than the current loss-based algorithm);
• simulcasting, the ability to have multiple streams at different qualities and dynamically select which stream goes to which client based on congestion indications (doing this right depends on having very accurate congestion indications, so it's tricky);
• server federation (the ability to have one server in Europe, one server in North America, and have only one flow cross the Atlantic).

I am less sure about the following features:

• allowing peer-to-peer connections with end-to-end encryption for small groups;
• end-to-end encryption using insertable streams;
• transport-cc congestion control (it seems to me that it's equivalent to REMB, just more chatty).

Client features

The frontend is very usable:

• videoconferencing;
• text chat;
• good support for mobile;
• screen and window sharing, including sharing multiple windows;
• streaming video and audio from disk;
• activity detection.

A number of features are currently only available as commands to be typed in the chat window (type /help for help). We are working on making at least some of them available from the GUI.

If you don't like our frontend, it should be easy to roll your own. Human-readable outline. API documentation.

Server scalability

Galène is used in production in our department. In typical usage, it is limited by the CPU — memory and network throughput are usually not a problem.

For one-to-many communication (lectures), the behaviour is linear, and Galène should be able to serve about 400 participants per core. For many-to-many communication (meetings), the behaviour is quadratic (the server load grows as the square of the number of participants), expect to be able to handle on the order of 20 participants in a single meeting on one core, 40 on four cores (more if some participants don't switch their camera on).

Security model

Galène assumes that the server is trusted: all media is decrypted by the server and reencrypted before it is sent to the clients. This is, as far as I know, unavoidable with DTLS-SRTP, the security mechanism used by WebRTC. (Yes, I know about insertable streams.)

On the other hand, since the client is not trusted, any bugs in the client code should in principle not create security issues. Thus, it is reasonable to build user-friendly clients using the unscrutable Javascript frameworks that web developers tend to like.

Be aware however that I am neither a security specialist nor a competent system administator, and I may have gotten something wrong.

Common questions and known issues

Server issues

Galène says Loopback test failed

If you didn't configure a TURN server, this is expected, and nothing to worry about. If you did configure a TURN server, then this indicates that Galène is unable to reach the TURN server: this could be a DNS issue, an issue with the TURN server, or an issue with Galène.

Please check your TURN server's logs. If that yields nothing useful, try running

PION_LOG_TRACE=ice ./galene

Issues with specific browsers

Which browsers are supported?

We aim to support all recent browsers that support WebRTC, on both desktop and mobile. See the list of browsers supporting WebRTC.

• Support for Chrome/Chromium and Firefox is complete on Linux, Windows and Mac OS with the following caveats:
  • activity detection is not supported on Firefox;
  • the H.264 codec is not supported on Debian Linux (this is not an issue in the default configuration, which uses VP8);
• Chrome and Firefox work on both Android and iOS, with the following caveat:
  • screen sharing doesn't work on mobile browsers;
• Safari works on both Mac OS and iOS, with the following caveats:
  • Safari will pause a video at random times (e.g. after returning from full-screen mode); you will need to press play if that happens to you;
  • screen sharing is not supported on Safari for iOS;
  • only full-screen sharing is supported on Safari for Mac OS, sharing a single window is not supported;
  • the VP9 codec is not supported on some (most?) versions of Safari (this is not an issue in the default configuration, which uses VP8).

Screen sharing doesn't work under Mac OS X 10.15 (Catalina)

Go to System Preferences ⟶ Privacy and Security ⟶ Screen Recording, and grant the required permissions to your browser.

Screen sharing doesn't work on mobile

None of the currently available browsers for mobile support screen sharing. See the the list of browsers supporting screen sharing.

Screen sharing is erratic on Safari (desktop)

Safari's support for screen sharing is incomplete. Please use Firefox or Chrome for screensharing on Mac OS.

Safari on mobile refuses to connect to my server

Safari for iOS doesn't like self-signed certificates; you will need to use a TLS certificate signed by a CA trusted by iOS. There is no known workaround. See this issue for details.

Activity detection doesn't work on Firefox

Activity detection relies on the totalAudioEnergy statistic, which is not implemented in Firefox. Sorry.

How do I?

How do I display my slides?

Just pick your favourite PDF reader, scale it to a reasonable size, and share its window using the share screen button. I use µPDF. You may share multiple windows simultaneously (e.g. both a PDF with your slides and a drawing program).

Alternatively, open the PDF in a second browser tab, and share that tab.

How do I check whether my microphone works?

Just open the same group in two browser windows. Choose Present in one but not the other. Make sure you are using headphones.

How do I use two cameras simultaneously?

Open the same group in two distinct browser windows (or tabs). In the second window, select your second camera, disable the microphone, and choose Receive: nothing.

How do I record my lecture?

Make sure allow-recording is set in your group configuration. Log-in as an operator, then say /record before you start your lecture. Don't forget to say /unrecord at the end. You will find your recordings under https://server.example.com/recordings/groupname/.

Other questions

What are subgroups?

Subgroup's are Galène's replacement for what other videoconferencing software calls break-out groups; we have found them to be useful for student practicals, where students work in groups of 2 or 3 people. A subgroup of a group G is simply a group with a name of the form G/H, i.e. the name of G followed by a slash followed by a string H. The administrator can get the list of all active (non-empty) subgroups of the current group with the command /subgroups.

There are two ways to create subgroups. The first is to create them manually, just like ordinary groups: the subgroup G/H is defined by the file groups/G/H.json, i.e. file H.json in a subdirectory of the groups directory. The second is to specify 'allow-subgroups': true in G's definition file. When this flag is specified, any subgroup of G will automatically be created whenever somebody attempts to join it. The created subgroup's configuration is an (almost) exact copy of the supergroup's: identical usernames, passwords and permissions.

Why is my sound quality poor?

If you sound like you're under water, you are putting too much load on the echo suppressor. This is a problem on the sender side. Please use headphones; if that is not possible, reduce your speakers' volume or your microphone gain.

If your voice occasionally sounds like a robot in an old science-fiction movie, then you're suffering from more packet loss than the concealement algorithm can handle. This could be a problem on the sender side, on the receiver side, or both. Please use a wired connection, or at least avoid having a bearing wall between you and your access point.

What does the Blackboard mode do?

It increases the resolution and attempts to preserve detail at the cost of framerate. Your blackboard will be legible, but your movements might become choppy.

Can I set the resolution manually?

Yes, but it's an undocumented feature, and the UI may change at any time. In the chat window, type something like

Do you accept donations?

No, we don't (but thanks to all who asked). Please support your local homeless person, or make a donation to the charity of your choice (preferably a non-religious one).