{"id":13573909,"url":"https://github.com/jech/galene","last_synced_at":"2025-05-14T21:06:52.652Z","repository":{"id":42899596,"uuid":"322915351","full_name":"jech/galene","owner":"jech","description":"The Galène videoconference server","archived":false,"fork":false,"pushed_at":"2025-04-08T13:23:05.000Z","size":3908,"stargazers_count":1042,"open_issues_count":40,"forks_count":144,"subscribers_count":33,"default_branch":"master","last_synced_at":"2025-04-13T17:46:50.696Z","etag":null,"topics":["file-sharing","galene","sfu","video-conference","video-conferencing","videoconference","webapp","webrtc"],"latest_commit_sha":null,"homepage":"https://galene.org","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jech.png","metadata":{"files":{"readme":"README","changelog":"CHANGES","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-12-19T18:44:46.000Z","updated_at":"2025-04-12T12:26:32.000Z","dependencies_parsed_at":"2024-03-09T13:26:22.086Z","dependency_job_id":"777f2892-53ff-4e61-bd4e-9af8fa47d1e6","html_url":"https://github.com/jech/galene","commit_stats":{"total_commits":1052,"total_committers":14,"mean_commits":75.14285714285714,"dds":0.07794676806083645,"last_synced_commit":"58ef60f9747bf03fb50f44e589b2c2ea11cbdf87"},"previous_names":[],"tags_count":36,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jech%2Fgalene","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jech%2Fgalene/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jech%2Fgalene/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jech%2Fgalene/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jech","download_url":"https://codeload.github.com/jech/galene/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254227612,"owners_count":22035669,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["file-sharing","galene","sfu","video-conference","video-conferencing","videoconference","webapp","webrtc"],"created_at":"2024-08-01T15:00:43.270Z","updated_at":"2025-05-14T21:06:47.640Z","avatar_url":"https://github.com/jech.png","language":"Go","funding_links":[],"categories":["Go","Projects","Collaboration"],"sub_categories":["Video Conference","Video Conferencing (Zoom, Webex, Google Meet, Skype... alternatives)"],"readme":"Galene is a videoconferencing server that is easy to deploy and requires\nmoderate server resources. It is described at \u003chttps://galene.org\u003e.\n\n\n# Installation\n\nQuick start:\n\n git clone https://github.com/jech/galene\n cd galene\n CGO_ENABLED=0 go build -ldflags='-s -w'\n mkdir groups\n echo '{\"users\": {\"bob\": {\"password\":\"1234\", \"permissions\":\"op\"}}}' \u003e \\\n groups/example.json\n ./galene \u0026\n\nPoint your browser at \u003chttps://localhost:8443/group/example/\u003e, ignore the\nunknown certificate warning, and log in with username \"bob\" and password\n\"secret\".\n\nSee the file INSTALL in this directory for full installation instructions.\n\n\n# Usage\n\n## Locations\n\nThere is a landing page at the root of the server. It contains a form\nfor typing the name of a group, and a clickable list of public groups.\n\nGroups are available under `/group/groupname/`. You may share this URL\nwith others, there is no need to go through the landing page.\n\nRecordings can be accessed under `/recordings/groupname/`. This is only\navailable to the administrator of the group.\n\nSome statistics are available under `/stats.json`, with a human-readable\nversion at `/stats.html`. This is only available to the server administrator.\n\n\n## Main interface\n\nAfter logging in, the user is confronted with the main interface.\n\n### Buttons\n\nThere are up to three buttons at the top. The *Enable*/*Disable* button\nenables either or both the camera and the microphone (depending on the\noptions set in the side menu, see below). The *Mute* button mutes or\nunmutes the microphone. The *Share Screen* button shares the screen or\na window.\n\n### Side menu\n\nThere is a menu on the right of the user interface. This allows choosing\nthe camera and microphone and setting the video throughput. The\n*Blackboard mode* checkbox increases resolution and sacrifices framerate\nin favour of image quality. The *Play local file* dialog allows streaming\na video from a local file.\n\n### User list\n\nThere is a user list on the left. Clicking on a user opens a menu with\nactions that can be applied to that user. Clicking on ones own username\nopens a menu with actions that are global to the group.\n\n### Chat pane\n\nDouble-clicking on a message opens a contextual menu.\n\n### Text box\n\nTyping a string in the text box at the bottom of the chat pane sends\na broadcast message to all of the users in the group.\n\nTyping a line starting with a slash `/` in the text box causes a command\nto be sent to the server. Type `/help` to get the list of available\ncommands; the output depends on whether you are an operator or not.\n\n\n# The global configuration file\n\nThe server may be configured in the JSON file `data/config.json`. This\nfile may look as follows:\n\n {\n \"users\":{\"root\": {\"password\":\"secret\", \"permissions\": \"admin\"}},\n \"canonicalHost\": \"galene.example.org\"\n }\n\nor, better, with a hashed password:\n\n {\n \"users\": {\n \"root\": {\n \"password\":{\"type\":\"bcrypt\",\"key\":\"$2a$10$bTWW...\"},\n \"permissions\": \"admin\"\n }\n },\n \"canonicalHost\": \"galene.example.org\"\n }\n\nThe fields are as follows:\n\n - `users` defines the users allowed to administer the server, and has the\n same syntax as user definitions in groups (see below), except that the\n only meaningful permission is `\"admin\"`;\n\n - `writableGroups`: if true, then the API can modify group description\n files; by default, group files are treated as read-only;\n\n - `publicServer`: if true, then cross-origin access to the server is\n allowed. This makes the server vulnerable to cross-origin scripting\n attacks, but is necessary in some cases.\n\n - `proxyURL`: if running behind a reverse proxy, this specifies the root\n URL that will be visible outside the proxy.\n\n - `canonicalHost`: the canonical name of the host running the server;\n this will cause clients to be redirected if they use a different\n hostname to access the server.\n\n\n# Group definitions\n\nGroups are defined by files in the `./groups` directory (this may be\nconfigured by the `-groups` command-line option, try `./galene -help`).\nThe definition for the group called *groupname* is in the file\n`groups/groupname.json`; it does not contain the group name, which makes\nit easy to copy or link group definitions. You may use subdirectories:\na file `groups/teaching/networking.json` defines a group called\n*teaching/networking*.\n\n\n## Examples\n\nA typical group definition file looks like this:\n\n {\n \"users\":{\n \"jch\": {\"password\":\"1234\", \"permissions\": \"op\"}\n },\n \"allow-recording\": true,\n \"auto-subgroups\": true\n }\n\nThis defines a group with the operator (administrator) username *jch* and\npassword *1234*. The `allow-recording` entry says that the operator is\nallowed to record videos to disk, and the `auto-subgroups` entry says\nthat subgroups will be created automatically. This particular group does\nnot allow password login for ordinary users, and is suitable if you use\ninvitations (see *Stateful Tokens* below) for ordinary users.\n\nIn order to allow password login for ordinary users, add password entries\nwith the permission `present`:\n\n {\n \"users\":{\n \"jch\": {\"password\": \"1234\", \"permissions\": \"op\"},\n \"john\": {\"password\": \"secret\", \"permissions\": \"present\"}\n }\n }\n\nIf the group is to be publicly accessible, you may allow logins with any\nusername using the `wildcard-user` entry::\n\n {\n \"users\":{\n \"jch\": {\"password\":\"1234\", \"permissions\": \"op\"}\n },\n \"wildcard-user\": {\"password\": \"1234\", \"permissions\": \"present\"},\n \"public\": true\n }\n\nIf you want to allow users to use any password, use a wildcard password:\n\n {\n \"users\":{\n \"jch\": {\"password\":\"1234\", \"permissions\": \"op\"}\n },\n \"wildcard-user\":\n {\"password\": {\"type\": \"wildcard\"}, \"permissions\": \"present\"},\n \"public\": true\n }\n\n## Reference\n\nEvery group definition file contains a single JSON directory (a list of\nentries between `{` and `}`). All fields are optional, but unless you\nspecify at least one user definition (`op`, `presenter`, or `other`),\nnobody will be able to join the group. The following fields are allowed:\n\n - `users`: is a dictionary that maps user names to dictionaries with\n entries `password` and `permissions`; see below for a description of\n possible permissions;\n\n - `wildcard-user` is a dictionaries with entries `password` and `permissions`\n that will be used for usernames with no matching entry in the `users`\n dictionary;\n\n - `authKeys`, `authServer` and `authPortal`: see *Authorisation* below;\n\n - `public`: if true, then the group is listed on the landing page;\n\n - `displayName`: a human-friendly version of the group name;\n\n - `description`: a human-readable description of the group; this is\n displayed on the landing page for public groups;\n\n - `contact`: a human-readable contact for this group, such as an e-mail\n address, ignored by the server;\n\n - `comment`: a human-readable string, ignored by the server;\n\n - `max-clients`: the maximum number of clients that may join the group at\n a time;\n\n - `max-history-age`: the time, in seconds, during which chat history is\n kept (default 14400, i.e. 4 hours);\n\n - `not-before` and `expires`: the times (in ISO 8601 or RFC 3339 format)\n between which joining the group is allowed;\n\n - `allow-recording`: if true, then recording is allowed in this group;\n\n - `unrestricted-tokens`: if true, then ordinary users (without the \"op\"\n privilege) are allowed to create tokens;\n\n - `allow-anonymous`: if true, then users may connect with an empty username;\n\n - `auto-subgroups`: if true, then subgroups of the form `group/subgroup`\n are automatically created when first accessed;\n\n - `autolock`: if true, the group will start locked and become locked\n whenever there are no clients with operator privileges;\n\n - `autokick`: if true, all clients will be kicked out whenever there are\n no clients with operator privileges; this is not recommended, prefer\n the `autolock` option instead;\n\n - `redirect`: if set, then attempts to join the group will be redirected\n to the given URL; most other fields are ignored in this case;\n\n - `codecs`: this is a list of codecs allowed in this group. The default\n is `[\"vp8\", \"opus\"]`.\n\nThe value of the `permissions` entry in a user definition can either be an\narray of individual permissions, as carried by the protocol, or one of\nthe following strings:\n\n - `op`, a group operator with all rights except administering the group;\n - `present`, an ordinary user with the right to publish audio and video\n streams and send chat messages;\n - `message`, a user with the right to send chat messages;\n - `observe`, a user that receives media streams and chat messages, but\n is not allowed to send them;\n - `caption`, a user with the right to display captions (only);\n - `admin`, a user with the right to administer the group (only).\n\nSupported video codecs include:\n\n - `\"vp8\"` (compatible with all supported browsers);\n - `\"vp9\"` (better video quality, but incompatible with Safari; buggy in\n Firefox);\n - `\"av1\"` (even better video quality, only supported by some browsers,\n recording is not supported, SVC is not supported);\n - `\"h264\"` (incompatible with Debian and with some older Android devices,\n SVC is not supported).\n\nSupported audio codecs include `\"opus\"`, `\"g722\"`, `\"pcmu\"` and `\"pcma\"`.\nOnly Opus can be recorded to disk. There is no good reason to use\nanything except Opus.\n\n\n## Client Authorisation\n\nGalene implements three authorisation methods: a simple username/password\nauthorisation scheme, a scheme using stateful tokens and a mechanism based\non cryptographic tokens that are generated by an external server. The\nformer two mechanism are intended to be used in standalone installations,\nwhile the server-based mechanism is designed to allow easy integration\nwith an existing authorisation infrastructure (such as LDAP, OAuth2, or\neven Unix passwords).\n\n### Password authorisation\n\nWhen password authorisation is used, authorised usernames and password are\ndefined directly in the group configuration file, in the `users` and\n`wildcard-user` entries. The `users` entry is a dictionary that maps user\nnames to user descriptions; the `wildcard-user` is a user description\nthat is used with usernames that don't appear in `users`.\n\nEvery user description is a dictionary with fields `password` and\n`permissions`. The `password` field may be a literal password string, or\na dictionary describing a hashed password or a wildcard. The\n`permissions` field should be one of `op`, `present`, `message` or\n`observe`. (An array of Galene's internal permissions is also allowed,\nbut this is not recommended, since internal permissions may vary from\nversion to version).\n\nFor example, the entry\n\n \"users\": {\"jch\": {\"password\": \"1234\", \"permissions\": \"op\"}}\n\nspecifies that user \"jch\" may login as operator with password \"1234\", while\n\n \"wildcard-user\": {\"password\": \"1234\", \"permissions\": \"present\"}\n\nallows any username with password *1234*. Finally,\n\n \"wildcard-user\":\n {\"password\": {\"type\": \"wildcard\"}, \"permissions\": \"present\"}\n\nallows any username with any password.\n\n\n### Hashed passwords\n\nIf you don't wish to store cleartext passwords on the server, you may\ngenerate hashed passwords with the `galenectl` utility. A user entry with\na hashed password looks like this:\n\n \"users\": {\n \"jch\": {\n \"password\": {\n \"type\": \"pbkdf2\",\n \"hash\": \"sha-256\",\n \"key\": \"f591c35604e6aef572851d9c3543c812566b032b6dc083c81edd15cc24449913\",\n \"salt\": \"92bff2ace56fe38f\",\n \"iterations\": 4096\n },\n \"permissions\": \"op\"\n }\n }\n\n\n### Stateful tokens\n\nStateful tokens allow to temporarily grant access to a user. In order to\ngenerate a stateful token, the group administrator types\n\n /invite user period\n\nwhere `user` is the username granted to the temporary user, and `period`\nis the time period for which the token will be valid (for example `2d`\nmeaning 2 days). The server replies with a link, valid the given time\nperiod, that may be sent to the temporary user for example by e-mail.\n\nTokens may also be granted without imposing a specific username:\n\n /invite '' 2d\n\nStateful tokens are revokable (use the `/revoke` command) and their\nlifetime may be extended (use the `/reinvite` command).\n\n\n### Authorisation servers\n\nGalene is able to delegate authorisation decisions to an external\nauthorisation server. This makes it possible to integrate Galene with an\nexisting authentication and authorisation infrastructure, such as LDAP,\nOAuth2 or even Unix passwords.\n\nWhen an authorisation server is used, the group configuration file\nspecifies one or more public keys in JWK format (with the restriction that\nthe \"alg\" key must be specified). In addition, it may specify either an\nauthorisation server or an authorisation portal.\n\n {\n \"authKeys\": [{\n \"kty\": \"oct\",\n \"alg\": \"HS256\",\n \"k\": \"MYz3IfCq4Yq-UmPdNqWEOdPl4C_m9imHHs9uveDUJGQ\",\n }, {\n \"kty\": \"EC\",\n \"alg\": \"ES256\",\n \"crv\": \"P-256\",\n \"x\": \"dElK9qBNyCpRXdvJsn4GdjrFzScSzpkz_I0JhKbYC88\",\n \"y\": \"pBhVb37haKvwEoleoW3qxnT4y5bK35_RTP7_RmFKR6Q\",\n }]\n \"authServer\": \"https://auth.example.org\",\n }\n\nIf multiple keys are provided, then they will all be tried in turn, unless\nthe token includes the \"kid\" header field, in which case only the\nspecified key will be used.\n\nIf an authorisation server is specified, then the default client, after it\nprompts for a password, will request a token from the authorisation server\nand will join the group using token authentication. The password is never\ncommunicated to the server.\n\nIf an authorisation portal is specified, then the default client will\nredirect initial client connections to the authorisation portal. The\nauthorisation portal is expected to authorise the client and then redirect\nit to Galene with the `username` and `token` query parameters set.\n\n\n# Further information\n\nGalène's web page is at \u003chttps://galene.org\u003e.\n\nAnswers to common questions and issues are at \u003chttps://galene.org/faq.html\u003e.\n\n\n-- Juliusz Chroboczek \u003chttps://www.irif.fr/~jch/\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjech%2Fgalene","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjech%2Fgalene","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjech%2Fgalene/lists"}