The server is written in portable Go code, and should run fine on any system that is supported by the Go compiler. For small deployments, even a small ARM board such as a Raspberry Pi or a BeagleBone should be sufficient. For best performance, you should use a system with the following features:
All AMD64 systems built in the last 15 years or so have hardware AES. Most ARM64 systems have hardware AES, with the notable exception of the Raspberry Pi 1 through 4 (the RPi 5 has hardware AES). Hardware AES is not used on 32-bit ARM even if the hardware supports it (this is a limitation of the Go runtime).
Most systems with wired Ethernet have good network connectivity, with the notable exception of the Raspberry Pi 1 through 3, which hang their Ethernet off a shared USB bus (the RPI 4 and 5 have competent Ethernet).
Galene needs little memory. It should run fine in 256 MB of RAM, and is rock solid with 512 MB.
On Unix-like systems, ports below 1024 are reserved for root. In order to run Galene on port 443, you need to give Galene the required permissions. On Linux systems, the capability CAP_NET_BIND_SERVICE is required.
For example, if you're using SystemD you may say something like:
This indicates that the server encountered an error that is not mapped to an HTTP error message. You will find the original error in the log. Please consider filing a bug if you feel that a more informative error message should have been produced.
Please see the installation instructions
It is possible, but it is not recommended. Galene is a single binary that can run as an ordinary user or within a chroot. Docker introduces a lot of complexity that is not required for running Galene, and, in particular, makes it difficult to configure high-performance network access.
LDAP support is implemented in galene-ldap, which is a separate server that communicates with Galene over a custom protocol.
This indicates that Galène couldn't reach any TURN servers. If you're running the built-in TURN server, this may very well happen if you're behind NAT and your NAT device doesn't support hairpinning. Please don't run Galène behind NAT, or use a better NAT device, or use a TURN server that is not behind NAT.
If you are running an external TURN server, this probably indicates that there's something wrong with the TURN configuration; please check your TURN server's logs. You might get additional hints by running
PION_LOG_TRACE=ice ./galene
At startup, Galène attempts to raise its file descriptor limit to 65535. If it doesn't have the permissions to do so, it displays this warning. Galène should still work fine, but it will drop streams under load.
Please arrange to raise the file descriptor limit before Galène is
launched. If using a shell script, say "ulimit -n 65535".
If using SystemD, say "LimitNOFILE = 65535".
In order to authentify and encrypt communication between the clients and the server, Galène needs a data structure called a TLS server certificate. If a TLS certificate is not found on disk, Galène will generate one itself. This “self-signed” certificate is not known to the browsers, which are therefore unable to verify that it belongs to a trusted entity, and end up displaying a big red warning.
In order to avoid the warning, you will need to obtain an “official”
certificate, registered with an entity that is trusted by the browsers, and
make it available to Galène under data/cert.pem
and data/key.pem; please see
Galène's README for
instructions.
I get my certificates from Let's
Encrypt. After installing certbot and setting it up to
renew certificates automatically, I set up a monthly cron job that does:
Galene will notice the new group within 15 minutes at most. In order
to get it to notice earlier, just access the group's page
(https://galene.example.org/group/whatever/).
We aim to work on any recent browser that implements WebRTC. See the list of browsers supporting WebRTC.
Go to System Preferences ⟶ Privacy and Security ⟶ Screen Recording, and grant the required permissions to your browser.
None of the currently available browsers for mobile support screen sharing. See the the list of browsers supporting screen sharing. If you need to share your mobile device's screen, you may try the native Galene client for Android.
After you have refused access to the camera, Safari on mobile remembers your choice. You can get it to forget your choice by erasing the site's cookies (Settings⟶Safari⟶Advanced).
(Even though Galene doesn't use cookies.)
Safari for iOS doesn't like self-signed certificates. You will need to use a TLS certificate signed by a CA trusted by iOS. Please see the question about TLS certificates above.
The needed API (totalAudioEnergy statistic) is not
implemented in Firefox. There are some workarounds, but they would
increase latency and processor load. Sorry.
Just pick your favourite PDF reader, scale it to a reasonable size, and share its window using the share screen button. I use µPDF. You may share multiple windows simultaneously (e.g. both a PDF with your slides and a drawing program or a text editor).
Alternatively, open the PDF in a second browser tab, and share that tab.
No. I usually use my favorite painting program, and share the window over Galene.
Tableaunoir is a competently done shared blackboard independent of Galene. It is free software.
Click on a name in the users' list, and choose Send file in
the dropdown menu. Alternatively, type "/sendfile user" in
the chat.
Click on your own name in the users' list, and choose Broadcast file.
Make sure allow-recording is set in your group
configuration. Log-in as an operator, then say /record
before you start your lecture. Don't forget to say /unrecord
at the end. You will find your recordings under
https://server.example.com/recordings/groupname/.
An
Subgroups are Galene's replacement for what other videoconferencing
software calls break-out groups; we have found them to be useful
for student practicals, where students work in groups of 2 or 3 people.
A subgroup of a group G is simply a group with a name of the
form G/H, i.e. the name of G followed by a slash
followed by a string H. The op can get the list of all active
(non-empty) subgroups of the current group with the command
/subgroups.
There are two ways to create subgroups. The first is to create them
manually, just like ordinary groups: the subgroup G/H is defined
by the file groups/G/H.json,
i.e. file H.json in a subdirectory G/ of
the groups directory.
The second is to request that they be created automatically by
specifying "auto-subgroups": true in G's definition
file. When this flag is specified, any subgroup of G will
automatically be created whenever somebody attempts to join it. The
automatically created subgroup's configuration is an (almost) exact copy
of the supergroup's: identical usernames, passwords and permissions.
If you sound like you're under water, you are putting too much load on the echo suppressor. This is a problem on the sender side. Please use headphones; if that is not possible, reduce your speakers' volume or your microphone gain.
If your voice occasionally sounds like a robot in an old science-fiction movie (or a vocoder), then you're suffering from more packet loss than the concealement algorithm can handle. This could be a problem on the sender side, on the receiver side, or both. Please use a wired connection, or at least avoid having a bearing wall between you and your access point.
If you are trying to use Galene for music, open the side menu and choose “high quality audio”. If you're using high-quality recording hardware in a silent environment, you may also experiment with disabling “Noise suppresion”.
It increases the resolution and attempts to preserve detail at the cost of framerate. Your blackboard will be legible, but your movements might become choppy.
Yes.
OBS Studio 30 has native support for the WISH protocol, which is also
implemented by Galene. In order to use the native support, make sure that
the group allows the H.264 codec (the codecs entry should
contain h264), then point OBS Studio at the
URL https://galene.example.org/group/name/.whip.
If the group requires authentication, you will need to configure OBS
with a token. Log into the group as op, then choose Invite
user in the group menu (click on your own name in the users list).
This will generate a link that ends in "?token=XXX", the bit
after "token=" is your token.
If you are using an older version of OBS Studio, or you cannot reconfigure the group to allow H.264, then you may use galene-stream to recode your stream.
Yes, but it's an undocumented, top-secret feature. In the chat window, type something like
No, we don't (but thanks to all who asked). Please support Ukraine instead, by donating for example to: