The server is written in portable Go code. It should run fine on any system that is supported by the Go compiler or by gccgo.
For best performance, you should use a system with hardware support for AES encryption; with Go, this means either AMD64 or ARM64 with hardware support for AES. Note that the Raspberry Pi does not have hardware AES, even in 64-bit mode. Note further that Go will not use accelerated AES on 32-bit ARM, even if supported by the hardware.
Galene needs little memory -- it should run fine in 256 MB of RAM, and is rock solid with 512 MB.
On Unix-like systems, ports below 1024 are reserved for root. In order to run Galene on port 443, you need to give Galene the required permissions. On Linux systems, the capability CAP_NET_BIND_SERVICE is required.
For example, if you're using SystemD you may say something like:
Please see the installation instructions
It is possible, but it is not recommended.
Galene is a single binary that can run as an ordinary user or within a chroot. Docker introduces a lot of complexity that is not required for running Galene, and, in particular, makes it difficult to configure high-performance network access.
LDAP support is implemented in galene-ldap, which is a separate server that communicaes with Galene over a custom protocol. This separation means that Galene itself doesn't need to know any LDAP credentials, only galene-ldap does.
This indicates that Galène couldn't reach any TURN servers. If you're running the built-in TURN server, this may very well happen if you're behind NAT and your NAT device doesn't support hairpinning. Please don't run Galène behind NAT, or use a better NAT device, or use a TURN server that is not behind NAT.
If you are running an external TURN server, this probably indicates that there's something wrong with the TURN configuration; please check your TURN server's logs. You might get additional hints by running
PION_LOG_TRACE=ice ./galene
At startup, Galène attempts to raise its file descriptor limit to 65535. If it doesn't have the permissions to do so, it displays this warning. Galène should still work fine, but it might start dropping streams under load.
Please arrange to raise the file descriptor limit before Galène is
launched. If using a shell script, say "ulimit -n 65536
".
If using SystemD, use the LimitNOFILE
directive.
In order to authentify and encrypt communication between the clients and the server, Galène needs a data structure called a TLS server certificate. If a TLS certificate is not found on disk, Galène will generate one itself. This “self-signed” certificate is not known to the browsers, which are therefore unable to verify that it belongs to a trusted entity, and end up displaying a big red warning.
(Which is silly. Browsers don't display the warning for plain HTTP, which is completely insecure, but do display the warning for encrypted communication using self-signed certificates.)
In order to avoid the warning, you will need to obtain an “official”
certificate, registered with an entity that is trusted by the browsers, and
make it available to Galène under data/cert.pem
and data/key.pem
; please see
Galène's README for
instructions.
I get my certificates from Let's
Encrypt. After installing certbot
and setting it up to
renew certificates automatically, I do
Galene will notice the new group within 15 minutes at most. In order
to get it to notice earlier, just access the group's page
(https://galene.example.org/group/whatever/
).
We aim to work on any recent browser that implements WebRTC. See the list of browsers supporting WebRTC.
Go to System Preferences ⟶ Privacy and Security ⟶ Screen Recording, and grant the required permissions to your browser.
None of the currently available browsers for mobile support screen sharing. See the the list of browsers supporting screen sharing. If you really need to share your mobile device's screen, you may try the experimental native Galene client for Android, which can do screensharing.
After you have refused access to the camera, Safari on mobile remembers your choice. You can get it to forget your choice by erasing the site's cookies (Settings⟶Safari⟶Advanced).
(Even though Galene doesn't use cookies. Go figure.)
Safari for iOS doesn't like self-signed certificates. You will need to use a TLS certificate signed by a CA trusted by iOS.
The needed API (totalAudioEnergy
statistic) is not
implemented in Firefox. There are some workarounds, but they would
increase latency and processor load. Sorry.
This is Firefox bug 1492500. It is apparently fixed in Firefox 106.
Just pick your favourite PDF reader, scale it to a reasonable size, and share its window using the share screen button. I use µPDF. You may share multiple windows simultaneously (e.g. both a PDF with your slides and a drawing program or a text editor).
Alternatively, open the PDF in a second browser tab, and share that tab.
Click on a name in the users' list, and choose Send file in
the dropdown menu. Alternatively, type "/sendfile user
" in
the chat.
Make sure allow-recording
is set in your group
configuration. Log-in as an operator, then say /record
before you start your lecture. Don't forget to say /unrecord
at the end. You will find your recordings under
https://server.example.com/recordings/groupname/
.
Subgroups are Galene's replacement for what other videoconferencing
software calls break-out groups; we have found them to be useful
for student practicals, where students work in groups of 2 or 3 people.
A subgroup of a group G is simply a group with a name of the
form G/H, i.e. the name of G followed by a slash
followed by a string H. The administrator can get the list of
all active (non-empty) subgroups of the current group with the command
/subgroups
.
There are two ways to create subgroups. The first is to create them
manually, just like ordinary groups: the subgroup G/H is defined
by the file groups/G/H.json
,
i.e. file H.json
in a subdirectory G/
of
the groups directory.
The second is to request that they be created automatically by
specifying 'allow-subgroups': true
in G's definition
file. When this flag is specified, any subgroup of G will
automatically be created whenever somebody attempts to join it. The
automatically created subgroup's configuration is an (almost) exact copy
of the supergroup's: identical usernames, passwords and permissions.
If you sound like you're under water, you are putting too much load on the echo suppressor. This is a problem on the sender side. Please use headphones; if that is not possible, reduce your speakers' volume or your microphone gain.
If your voice occasionally sounds like a robot in an old science-fiction movie (or a vocoder), then you're suffering from more packet loss than the concealement algorithm can handle. This could be a problem on the sender side, on the receiver side, or both. Please use a wired connection, or at least avoid having a bearing wall between you and your access point.
If you are trying to use Galene for music, open the side menu and choose “high quality audio”. If you're using high-quality recording hardware in a silent environment, you may also experiment with disabling “Noise suppresion”.
It increases the resolution and attempts to preserve detail at the cost of framerate. Your blackboard will be legible, but your movements might become choppy.
Yes, but it's an undocumented, top-secret feature. In the chat window, type something like
No, we don't (but thanks to all who asked). Please support Ukraine instead, by donating for example to: