Frequently Asked Questions about Galène

Server questions

What hardware should I use for running the server?

The server is written in portable Go code, and should run fine on any system that is supported by the Go compiler. For small deployments, even a small ARM board such as a Raspberry Pi or a BeagleBone should be sufficient. For best performance, you should use a system with the following features:

All AMD64 systems built in the last 15 years or so have hardware AES. Most ARM64 systems have hardware AES, with the notable exception of the Raspberry Pi 1 through 4 (the RPi 5 has hardware AES). Hardware AES is not used on 32-bit ARM even if the hardware supports it (this is a limitation of the Go runtime).

Most systems with wired Ethernet have good network connectivity, with the notable exception of the Raspberry Pi 1 through 3, which hang their Ethernet off a shared USB bus (the RPI 4 and 5 have competent Ethernet).

Galene needs little memory. It should run fine in 256 MB of RAM, and is rock solid with 512 MB.

How do I run Galene on port 443

On Unix-like systems, ports below 1024 are reserved for root. In order to run Galene on port 443, you need to give Galene the required permissions. On Linux systems, the capability CAP_NET_BIND_SERVICE is required.

For example, if you're using SystemD you may say something like:

AmbientCapabilities=CAP_NET_BIND_SERVICE ExecStart=/home/galene/galene -http :443

The server says Internal server error

This indicates that the server encountered an error that is not mapped to an HTTP error message. You will find the original error in the log. Please consider filing a bug if you feel that a more informative error message should have been produced.

How do I run Galène behind a reverse proxy?

Please see the installation instructions

Is it possible to run Galène within a Docker container?

It is possible, but it is not recommended. Galene is a single binary that can run as an ordinary user or within a chroot. Docker introduces a lot of complexity that is not required for running Galene, and, in particular, makes it difficult to configure high-performance network access.

Is it possible to authentify users using LDAP?

LDAP support is implemented in galene-ldap, which is a separate server that communicates with Galene over a custom protocol.

Galène says Loopback test failed

This indicates that Galène couldn't reach any TURN servers. If you're running the built-in TURN server, this may very well happen if you're behind NAT and your NAT device doesn't support hairpinning. Please don't run Galène behind NAT, or use a better NAT device, or use a TURN server that is not behind NAT.

If you are running an external TURN server, this probably indicates that there's something wrong with the TURN configuration; please check your TURN server's logs. You might get additional hints by running

PION_LOG_TRACE=ice ./galene

Galène says File descriptor limit is XXXX, this is too low

At startup, Galène attempts to raise its file descriptor limit to 65535. If it doesn't have the permissions to do so, it displays this warning. Galène should still work fine, but it will drop streams under load.

Please arrange to raise the file descriptor limit before Galène is launched. If using a shell script, say "ulimit -n 65535". If using SystemD, say "LimitNOFILE = 65535".

The browser displays a scary security warning

In order to authentify and encrypt communication between the clients and the server, Galène needs a data structure called a TLS server certificate. If a TLS certificate is not found on disk, Galène will generate one itself. This “self-signed” certificate is not known to the browsers, which are therefore unable to verify that it belongs to a trusted entity, and end up displaying a big red warning.

In order to avoid the warning, you will need to obtain an “official” certificate, registered with an entity that is trusted by the browsers, and make it available to Galène under data/cert.pem and data/key.pem; please see Galène's README for instructions.

I get my certificates from Let's Encrypt. After installing certbot and setting it up to renew certificates automatically, I set up a monthly cron job that does:

chmod go-rwx ~galene/data/ cp /etc/letsencrypt/live/galene.org/fullchain.pem ~galene/data/cert.pem cp /etc/letsencrypt/live/galene.org/privkey.pem ~galene/data/key.pem chown galene:galene ~galene/data/cert.pem ~galene/data/key.pem

A newly created group doesn't appear in the public groups list

Galene will notice the new group within 15 minutes at most. In order to get it to notice earlier, just access the group's page (https://galene.example.org/group/whatever/).

Questions about the default JavaScript client

Which browsers are supported?

We aim to work on any recent browser that implements WebRTC. See the list of browsers supporting WebRTC.

Screen sharing doesn't work under Mac OS X 10.15 (Catalina) or later

Go to System Preferences ⟶ Privacy and SecurityScreen Recording, and grant the required permissions to your browser.

Screen sharing doesn't work on mobile

None of the currently available browsers for mobile support screen sharing. See the the list of browsers supporting screen sharing. If you need to share your mobile device's screen, you may try the native Galene client for Android.

After I refuse access to the camera on Safari on mobile, I'm stuck

After you have refused access to the camera, Safari on mobile remembers your choice. You can get it to forget your choice by erasing the site's cookies (Settings⟶Safari⟶Advanced).

(Even though Galene doesn't use cookies.)

Safari on mobile refuses to connect to my server

Safari for iOS doesn't like self-signed certificates. You will need to use a TLS certificate signed by a CA trusted by iOS. Please see the question about TLS certificates above.

Activity detection doesn't work on Firefox

The needed API (totalAudioEnergy statistic) is not implemented in Firefox. There are some workarounds, but they would increase latency and processor load. Sorry.

Simulcast is disabled by defalt in Firefox

This is due to Firefox bug 1633876.

How do I...

How do I display my slides?

Just pick your favourite PDF reader, scale it to a reasonable size, and share its window using the share screen button. I use µPDF. You may share multiple windows simultaneously (e.g. both a PDF with your slides and a drawing program or a text editor).

Alternatively, open the PDF in a second browser tab, and share that tab.

Is there an integrated blackboard?

No. I usually use my favorite painting program, and share the window over Galene.

Tableaunoir is a competently done shared blackboard independent of Galene. It is free software.

How do I send a file?

Click on a name in the users' list, and choose Send file in the dropdown menu. Alternatively, type "/sendfile user" in the chat.

How do I play a video?

Click on your own name in the users' list, and choose Broadcast file.

How do I record my lecture?

Make sure allow-recording is set in your group configuration. Log-in as an operator, then say /record before you start your lecture. Don't forget to say /unrecord at the end. You will find your recordings under https://server.example.com/recordings/groupname/.

Other questions

What's an Op?

An Op (short for Operator) is a set of permissions similar to what other systems call a moderator. An Op can kick out users, allow users to present, temporarily lock the group, etc. Unlike an administrator, an Op is not allowed to change the group configuration or add new users.

What are subgroups?

Subgroups are Galene's replacement for what other videoconferencing software calls break-out groups; we have found them to be useful for student practicals, where students work in groups of 2 or 3 people. A subgroup of a group G is simply a group with a name of the form G/H, i.e. the name of G followed by a slash followed by a string H. The op can get the list of all active (non-empty) subgroups of the current group with the command /subgroups.

There are two ways to create subgroups. The first is to create them manually, just like ordinary groups: the subgroup G/H is defined by the file groups/G/H.json, i.e. file H.json in a subdirectory G/ of the groups directory.

The second is to request that they be created automatically by specifying "auto-subgroups": true in G's definition file. When this flag is specified, any subgroup of G will automatically be created whenever somebody attempts to join it. The automatically created subgroup's configuration is an (almost) exact copy of the supergroup's: identical usernames, passwords and permissions.

Why is my sound quality poor?

If you sound like you're under water, you are putting too much load on the echo suppressor. This is a problem on the sender side. Please use headphones; if that is not possible, reduce your speakers' volume or your microphone gain.

If your voice occasionally sounds like a robot in an old science-fiction movie (or a vocoder), then you're suffering from more packet loss than the concealement algorithm can handle. This could be a problem on the sender side, on the receiver side, or both. Please use a wired connection, or at least avoid having a bearing wall between you and your access point.

If you are trying to use Galene for music, open the side menu and choose “high quality audio”. If you're using high-quality recording hardware in a silent environment, you may also experiment with disabling “Noise suppresion”.

What does the Blackboard mode do?

It increases the resolution and attempts to preserve detail at the cost of framerate. Your blackboard will be legible, but your movements might become choppy.

Can I use Galene with OBS Studio

Yes.

OBS Studio 30 has native support for the WISH protocol, which is also implemented by Galene. In order to use the native support, make sure that the group allows the H.264 codec (the codecs entry should contain h264), then point OBS Studio at the URL https://galene.example.org/group/name/.whip.

If the group requires authentication, you will need to configure OBS with a token. Log into the group as op, then choose Invite user in the group menu (click on your own name in the users list). This will generate a link that ends in "?token=XXX", the bit after "token=" is your token.

If you are using an older version of OBS Studio, or you cannot reconfigure the group to allow H.264, then you may use galene-stream to recode your stream.

Can I manually set the resolution that I send ?

Yes, but it's an undocumented, top-secret feature. In the chat window, type something like

/set resolution [1024, 768]
then restart your video (hit Enable then Disable).

Do you accept donations?

No, we don't (but thanks to all who asked). Please support Ukraine instead, by donating for example to: