Frequently Asked Questions about Galène

Server questions

What hardware should I use for running the server?

The server is written in portable Go code. It should run fine on any system that is supported by the Go compiler or by gccgo.

For best performance, you should use a system with hardware support for AES encryption. All modern AMD64 systems should have hardware encryption, as do most ARM64 systems. The Raspberry Pi does not support hardware AES. Go does not use hardware AES on 32-bit ARM, even when supported by the hardware.

Galene needs little memory -- it should run fine in 256 MB of RAM, and is rock solid with 512 MB.

How do I run Galene on port 443?

On Unix-like systems, ports below 1024 are reserved for root. In order to run Galene on port 443, you need to give Galene the required permissions. On Linux systems, the capability CAP_NET_BIND_SERVICE is required.

For example, if you're using SystemD you may say something like:

AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/home/galene/galene -http :443

How do I run Galene behind a reverse proxy?

Please see the installation instructions.

Is it possible to run Galène within a Docker container?

It is possible, but it is not recommended.

Galene is a single binary that can run as an ordinary user or within a chroot. Docker introduces a lot of complexity that is not required for running Galene, and, in particular, makes it difficult to configure high-performance network access.

Is it possible to authenticate users using LDAP?

LDAP support is implemented in galene-ldap, which is a separate server that communicates with Galene over a custom protocol. This separation means that Galene itself doesn't need to know any LDAP credentials, only galene-ldap does.

Galène says Loopback test failed

This indicates that Galène couldn't reach any TURN servers. If you're running the built-in TURN server, this may very well happen if you're behind NAT and your NAT device doesn't support hairpinning. Please don't run Galène behind NAT, or use a better NAT device, or use a TURN server that is not behind NAT.

If you are running an external TURN server, this probably indicates that there's something wrong with the TURN configuration; please check your TURN server's logs. You might get additional hints by running

PION_LOG_TRACE=ice ./galene

Galène says File descriptor limit is XXXX, this is too low

At startup, Galène attempts to raise its file descriptor limit to 65535. If it doesn't have the permissions to do so, it displays this warning. Galène should still work fine, but it might start dropping streams under load.

Please arrange to raise the file descriptor limit before Galène is launched. If using a shell script, say "ulimit -n 65535". If using SystemD, say "LimitNOFILE = 65535".

The browser displays a scary security warning

In order to authenticate and encrypt communication between the clients and the server, Galène needs a data structure called a TLS server certificate. If a TLS certificate is not found on disk, Galène will generate one itself. This “self-signed” certificate is not known to the browsers, which are therefore unable to verify that it belongs to a trusted entity, and end up displaying a big red warning.

(Which is silly. Browsers don't display the warning for plain HTTP, which is completely insecure, but do display the warning for encrypted communication using self-signed certificates.)

In order to avoid the warning, you will need to obtain an “official” certificate, registered with an entity that is trusted by the browsers, and make it available to Galène under data/cert.pem and data/key.pem; please see Galène's README for instructions.

I get my certificates from Let's Encrypt. After installing certbot and setting it up to renew certificates automatically, I do

chmod go-rwx ~galene/data/
cp /etc/letsencrypt/live/galene.org/fullchain.pem ~galene/data/cert.pem
cp /etc/letsencrypt/live/galene.org/privkey.pem ~galene/data/key.pem
chown galene:galene ~galene/data/cert.pem ~galene/data/key.pem

This process needs to be repeated every couple months; a cron job is useful.
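
The copy step above can be automated as a certbot deploy hook. The script below is an added example, not part of Galène or its documentation: the function name install_galene_cert and the GALENE_DATA variable are hypothetical, and it assumes that certbot runs it from /etc/letsencrypt/renewal-hooks/deploy/ with RENEWED_LINEAGE set to the renewed certificate's live directory. It writes each file under a private temporary name and renames it into place, so the key is never readable by other users and Galène never sees a half-written file.

```sh
#!/bin/sh
# Added example (not from the Galène project): install a renewed
# Let's Encrypt certificate into Galène's data directory.
set -eu

# install_galene_cert LIVE_DIR DATA_DIR [OWNER]
#   LIVE_DIR  directory holding fullchain.pem and privkey.pem
#   DATA_DIR  Galène's data directory (receives cert.pem and key.pem)
#   OWNER     user:group for the copies; only applied when running as root
install_galene_cert() {
    live=$1; data=$2; owner=${3:-galene:galene}
    # Refuse to touch the installed files if the source is incomplete.
    if [ ! -s "$live/fullchain.pem" ] || [ ! -s "$live/privkey.pem" ]; then
        echo "install_galene_cert: missing or empty PEM file in $live" >&2
        return 1
    fi
    chmod go-rwx "$data" || return 1
    for pair in fullchain.pem:cert.pem privkey.pem:key.pem; do
        src=${pair%%:*}; dst=${pair##*:}
        # mktemp creates the file with mode 0600 inside DATA_DIR, so the
        # final rename stays on one filesystem and is atomic.
        tmp=$(mktemp "$data/.$dst.XXXXXX") || return 1
        cat "$live/$src" > "$tmp" || { rm -f "$tmp"; return 1; }
        if [ "$(id -u)" -eq 0 ]; then
            chown "$owner" "$tmp" || { rm -f "$tmp"; return 1; }
        fi
        mv -f "$tmp" "$data/$dst" || { rm -f "$tmp"; return 1; }
    done
}

# Deploy-hook entry point: does nothing unless certbot set RENEWED_LINEAGE.
# GALENE_DATA is a hypothetical override for the data directory location.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_galene_cert "$RENEWED_LINEAGE" "${GALENE_DATA:-/home/galene/data}"
fi
```
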

A newly created group doesn't appear in the public groups list

Galene will notice the new group within 15 minutes at most. In order to get it to notice earlier, just access the group's page (https://galene.example.org/group/whatever/).

Questions about the default JavaScript client

Which browsers are supported?

We aim to work on any recent browser that implements WebRTC. See the list of browsers supporting WebRTC.

Screen sharing doesn't work under Mac OS X 10.15 (Catalina) or later

Go to System Preferences⟶Privacy and Security⟶Screen Recording, and grant the required permissions to your browser.

Screen sharing doesn't work on mobile

None of the currently available browsers for mobile support screen sharing. See the list of browsers supporting screen sharing. If you really need to share your mobile device's screen, you may try the experimental native Galene client for Android, which can do screen sharing.

After I refuse access to the camera on Safari on mobile, I'm stuck

After you have refused access to the camera, Safari on mobile remembers your choice. You can get it to forget your choice by erasing the site's cookies (Settings⟶Safari⟶Advanced).

(Even though Galene doesn't use cookies.)

Safari on mobile refuses to connect to my server

Safari for iOS doesn't like self-signed certificates. You will need to use a TLS certificate signed by a CA trusted by iOS.

Activity detection doesn't work on Firefox

The needed API (totalAudioEnergy statistic) is not implemented in Firefox. There are some workarounds, but they would increase latency and processor load. Sorry.

VP9 has low quality when generated by Firefox

This is Firefox bug 1633876. Please disable simulcast at the sender.

How do I...

How do I display my slides?

Just pick your favourite PDF reader, scale it to a reasonable size, and share its window using the share screen button. I use µPDF. You may share multiple windows simultaneously (e.g. both a PDF with your slides and a drawing program or a text editor).

Alternatively, open the PDF in a second browser tab, and share that tab.

Is there an integrated blackboard?

No. I usually use my favorite painting program, and share the window over Galene.

Tableaunoir is a competently done shared blackboard independent of Galene. It is free software.

How do I send a file?

Click on a name in the users' list, and choose Send file in the dropdown menu. Alternatively, type "/sendfile user" in the chat.

How do I record my lecture?

Make sure allow-recording is set in your group configuration. Log in as an operator, then say /record before you start your lecture. Don't forget to say /unrecord at the end. You will find your recordings under https://server.example.com/recordings/groupname/.

Other questions

What's an Op?

An Op (short for Operator) is a slightly weaker version of an administrator. An Op can kick out users, allow users to present, temporarily lock the group, etc. Unlike an administrator, an Op is not allowed to change the group configuration or add new users.

What are subgroups?

Subgroups are Galene's replacement for what other videoconferencing software calls break-out groups; we have found them to be useful for student practicals, where students work in groups of 2 or 3 people. A subgroup of a group G is simply a group with a name of the form G/H, i.e. the name of G followed by a slash followed by a string H. The op can get the list of all active (non-empty) subgroups of the current group with the command /subgroups.

There are two ways to create subgroups. The first is to create them manually, just like ordinary groups: the subgroup G/H is defined by the file groups/G/H.json, i.e. file H.json in a subdirectory G/ of the groups directory.

The second is to request that they be created automatically by specifying 'allow-subgroups': true in G's definition file. When this flag is specified, any subgroup of G will automatically be created whenever somebody attempts to join it. The automatically created subgroup's configuration is an (almost) exact copy of the supergroup's: identical usernames, passwords and permissions.

Why is my sound quality poor?

If you sound like you're under water, you are putting too much load on the echo suppressor. This is a problem on the sender side. Please use headphones; if that is not possible, reduce your speakers' volume or your microphone gain.

If your voice occasionally sounds like a robot in an old science-fiction movie (or a vocoder), then you're suffering from more packet loss than the concealment algorithm can handle. This could be a problem on the sender side, on the receiver side, or both. Please use a wired connection, or at least avoid having a bearing wall between you and your access point.

If you are trying to use Galene for music, open the side menu and choose “high quality audio”. If you're using high-quality recording hardware in a silent environment, you may also experiment with disabling “Noise suppression”.

What does the Blackboard mode do?

It increases the resolution and attempts to preserve detail at the cost of framerate. Your blackboard will be legible, but your movements might become choppy.

Can I use Galene with OBS Studio?

Yes.

OBS Studio 30 has native support for the WISH protocol, which is also implemented by Galene. In order to use the native support, make sure that the group allows the H.264 codec (the codecs entry should contain h264), then point OBS Studio at the URL https://galene.example.org/group/name/.whip.

If you are using an older version of OBS Studio, or you cannot reconfigure the group to allow H.264, then you will need to use galene-stream to recode your stream.

Can I manually set the resolution that I send?

Yes, but it's an undocumented, top-secret feature. In the chat window, type something like

/set resolution [1024, 768]
then restart your video (hit Enable then Disable).

Do you accept donations?

No, we don't (but thanks to all who asked). Please support Ukraine instead, by donating for example to: