jech / galene Goto Github PK

This sounds really intriguing! But for end users, self-build is something to "scare them away" – especially with installing all the Go dependencies.

Would it be possible to provide an AppImage? That would remove those "fears" and makes it easy to try out Galene. Installation would then be pretty easy: download the AppImage, make it executable, run it.

Thanks in advance for considering!

Hi. I have a server setup and am proxying behind nginx.

I start the server with:

 ./galene --turn public.ip.address.here

And am seeing a bunch of errors printed to stdout:

tls: client offered only unsupported versions: [300]
tls: no cipher suite supported by both client and server
error when handling datagram: failed to handle Allocate-request from 73.38.140.198:57891: relay already allocated for 5-TUPLE
turn ERROR: 2021/03/17 19:52:30 error when handling datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header

2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 03:25:49 ICE: unknown id in ICE
2021/03/17 20:43:25 Relay test successful in 31.700699ms, RTT = 223.554µs

Should I be concerned about these?

Using a lib like logrus or zap (or any other), outputing to a file, STDOUT or fluentd.

Hi,

On ARMv7 Linux, galène panics when calling 64-bit atomic functions (LoadingUint64, StoreUint64, ...).

An example when joining a group with two users:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x11ce8]

goroutine 213 [running]:

runtime/internal/atomic.goLoad64(0x8b62ac, 0x3828549, 0x3b9aca00)
	/usr/local/go/src/runtime/internal/atomic/atomic_arm.go:131 +0x1c
github.com/jech/galene/rtpconn.sendSR(0x85d260, 0x910a58, 0x1)
	/dir/to/galene/rtpconn/rtpconn.go:838 +0x174
github.com/jech/galene/rtpconn.rtcpUpListener(0xcc2a00, 0x8ae1c0, 0xd6a0c0)
	/dir/to/galene/rtpconn/rtpconn.go:718 +0x508
created by github.com/jech/galene/rtpconn.newUpConn.func1
	/dir/to/galene/rtpconn/rtpconn.go:476 +0x258

It seems to be a known bug of the atomic package (https://golang.org/pkg/sync/atomic/#pkg-note-BU) which requires 64-bit values accessed atomically to be 64-bit aligned.

Hi,

when a conference starts all the audio sliders are at full throttle. This means that if you are in a conference with N participants and one of them has an audio volume much lower than the others, then you have to lower the audio on N-1 participants and increase the overall volume

would it possible to start with all the audio sliders at half throttle so that in the previous case we can just increase the volume of the single problematic participant please

TIA

Beppe

I was wondering whether you would consider a contribution of a docker-compose config for nginx/coturn and possibly galene itself. Do you think it may be useful for people who want to give Galene a quick try?

Google Congestion Control (GCC) consists of the combination of two controllers: a loss-based one in the sender, and one delay-based in the receiver. Galène implements both controllers for server->client streams, but only the loss-based controller for client->server streams. Fixing that would allow us to increase the default video quality (in the absence of congestion).

GCC is described in https://tools.ietf.org/html/draft-ietf-rmcat-gcc

Question is about HAPROXY.

Galene is installed sucessfuly but can't see each other on a room.

I only see my own face. (users also see only their own face).

Configuration
Running Galene in a container with only a private IP ( 192.168.10.111)
Public IP is behind another container dedicated to haproxy (192.168.10.252 + PUblic IP ) which send the 443 traffic to Galene container on 8443 port.
Also some iptables redirect for 1194/UDP and 10000-65535 udp port from Haproxy container to Galene container.

when starting Galene:

# ./galene -turn PUBLIC_IP:1194
2021/01/22 11:51:01 Starting built-in TURN server
2021/01/22 11:51:21 Relay test failed: timeout
2021/01/22 11:51:21 Perhaps you didn't configure a TURN server?
2021/01/22 11:53:31 client: read tcp 192.168.10.111:8443->192.168.10.252:35850: read: connection reset by peer

As we can see, it shows Haproxy IP (192.168.10.252) instead of user IP. (X Forward For ?).

Does Galene support haproxy ?

thanks

Hello!
Is there any plan to support several languages?
Please ping me when it will be possible!

On Chrome, Safari all is working perfectely
On Firefox, user can connect but is not showing the video of other people. (other can see him).

Is it a general issue on FF ?

thanks

The positioning of videos is not quite correct. The effect is most visible when there are exactly three videos in a tall, thin window: there are two rows, with two videos in the first row, and one in the second.

The issue lies in function resizePeers in galene.js, which simply chooses the square root of the number of videos as the number of rows. Something smarter is required.

Hi,
thanks for galene !
in full screen, the webcam is reversed,
is there an option ?

Currently, managing Galène requires manually editing a bunch of JSON files. We need a user-friendly administrative interface.

A few thoughts:

• the administrative interface should not be part of the Galène server, which does not need any write access except in the recordings directory (if you're not recording, Galène can be run from a read-only filesystem);
• there is no need for a private protocol between the administrative interface and Galène, since Galène will automatically pick up any changes made to its configuration files;
• it should be possible to both edit the files manually and run the administrative interface (which should detect lost updates and react accordingly).

go version
go version go1.15.6 linux/amd64

CGO_ENABLED=0 go build -ldflags='-s -w'

# runtime/internal/atomic
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:18:6: Load redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:16:24
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:24:6: Loadp redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:22:32
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:30:6: Load64 redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:28:26
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:36:6: LoadAcq redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:34:27
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:41:6: Xadd redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:39:37
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:44:6: Xadd64 redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:42:39
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:47:6: Xadduintptr redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:45:47
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:50:6: Xchg redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:48:36
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:53:6: Xchg64 redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:51:38
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:56:6: Xchguintptr redeclared in this block
	previous declaration at /usr/local/go/src/runtime/internal/atomic/atomic_amd64.go:54:45
/usr/local/go/src/runtime/internal/atomic/atomic_amd64x.go:56:6: too many errors

For example, there is a user named: Joe Dae.
The command /msg Joe Dae Hello! will not work.

Hi Juliusz,

Thanks for the project. Picked it up from a mention on HN the other day. I absolutely love how uncomplicated the setup is.

I did run into an issue when trying to log into Galene using Mobile Safari (iPad).

More specifically, using a Debian 10 VM with Go 1.15.2, cloned galene repo, built it, created a cert, started with ./galene.

In Firefox on Windows - can connect to https://$ip:8443 and log in. That is, works as expected.

In Safari on iPad - can connect to https://$ip:8443, but a log attempt fails with Couldn't connect to wss://$ip:8443/ws.

I can however connect and log into your demo server at https://galene.org:8443.

Dug around a bit and found a comment saying that the iOS doesn't allow WSS with self-signed certs. Seemed like a long shot, but still symlinked ./data/cert.pem from ./static and added it to the iOS trust store (by visiting https://$ip:8443/cert.pem and following the prompts). This eliminated the "unknown cert" warning when opening the page, but the log in error remains.

This has gotta be some well-known caveat... Do you happen to know what the heck is going on here?

Regards,
Alex

Hi,
thank you for the software. I'm currently packaging galene for NixOS, and I'd like to know if you could put an example systemd service file directly in this repository to avoid shipping some "custom" one in the downstream package.

Thanks,
Rémy

With hard coded Coturn account, you can reuse the TURN service, even if your application account is revoked.

Coturn can use a simple hmac password with timestamp and a sercret salt :
https://github.com/coturn/coturn/blob/060bf187879fd1a6386012f4c5a7494824ebe5c8/README.turnserver#L180-L193

With that, galene can compute a coturn account, usable for few hours, for every user, without creating explicit account on coturn side.

This was initially reported by @tohojo.

Galène will automatically pick up any changes to its configuration files. It will not pick up a change to the TLS keys — the only way to rotate keys is to restart the server.

I can see two ways of doing graceful key rotation. The simple one is to stop the TLS listener and then start a new one; this will involve a couple of seconds of downtime, but will not interrupt currently connected users. The other one would be mutate the TLS configuration of the current listener (see (*tls.Certificate).GetCertificate), as is done by the letsencrypt library.

Hi folks,

Is it deliberate to omit .md extensions from all the REAME files in project root folder? As a reader it was hurting my eyes to read non-rendered raw Markdown.

Thanks for releasing galene. I am working on community galene packaging for openSUSE and it would help with certain packaging automation steps if the release tags used go module versions e.g. v0.1.0 and v0.2.0. Would you consider adopting this convention?

I think it would work to add tags v0.1.0 and v0.2.0 at the same revisions as galene-0.1 and galene-0.2 and continue the future release sequence from there. This method works locally:

$ git for-each-ref refs/tags
4dc254d7822fcf5eb016a0152e773f83721adb74 tag    refs/tags/galene-0.1
5f7455af5bf78c837008e80fe4b67809badce3c0 tag    refs/tags/galene-0.2

$ git tag -a -m 'v0.1.0' v0.1.0 4dc254^{}
$ git tag -a -m 'v0.2.0' v0.2.0 5f7455^{}

$ git for-each-ref refs/tags
4dc254d7822fcf5eb016a0152e773f83721adb74 tag    refs/tags/galene-0.1
5f7455af5bf78c837008e80fe4b67809badce3c0 tag    refs/tags/galene-0.2
533ce3fe8b1cc735c700d6e4bc773a9a1ab0fe7a tag    refs/tags/v0.1.0
a9747d99ac7c38217433a647f7f0e4cdc2965aad tag    refs/tags/v0.2.0

Galène already has /stats for some private room statistics. It would be great to add a Prometheus-formatted /metrics HTTP endpoint that also exposes some useful metrics about the instance.

I believe we want /metrics to show only anonymous data such as total number of users (only public rooms ?) and total number of WebRTC session exchanged. These metrics can then be pulled by a Prometheus server or other monitoring services.

I already implemented something similar here : https://github.com/erdnaxe/ghostream/blob/dev/internal/monitoring/monitoring.go. If you are positive about adding such feature, I would enjoy writing a pull request for Galène.

Best regards,

Thanks for this amazing software!

I'm trying to test the record feature, but I keep having the error message "You are not allowed to record". I'm the op of the group, and I've added this to the group config:
"allow-recording": "true"

What am I doing wrong?

Thanks in advance

Regards

Hi,

I think it would be nice to be able to customize the location of the certificates used by galene directly with flags on the command line, e.g. -cert /etc/galene/certificate.pem and -key /etc/galene/key.pem, instead of forcing them to have specific name and be in the data directory. Part of why I want this is to be able to integrate more nicely with my NixOS package attempt for galene ( NixOS/nixpkgs#109414 ). What do you think ?

Thanks,
Rémy

Galene looks very promising. I have just started testing it.

My question: Is there a ays to use Galene with Coturn's static-auth-secret, which does not require a user-name?

Thanks for your response!

• Slow ICE failures pion/ice#271
• ICE Agent can not be restarted when gathering pion/ice#280
• Issues with TCP ICE pion/webrtc#1356 and pion/ice#245
• Issues with UDPMux pion/ice#518 (see also pion/ice#76)
• Pion chooses the wrong remote interface pion/ice#305
• Writes are where we spend most CPU time pion/ice#128
• We're allocating encryption contexts like crazy pion/srtp#76 and golang/go#39365
• We're allocating too many buffers pion/srtp#197
• The WebM files written to disk are incorrect at-wat/ebml-go#134
• The TURN timeout is fixed at 2s https://github.com/pion/webrtc/issues/1635
• The built-in TURN server is too verbose pion/turn#197
• Infinite loop on failed negotation pion/webrtc#1656
• Unable to use separate SSRCs for RTX and RED pion/webrtc#1675
• Stream ids get lost somewhere pion/webrtc#1808
• Race in Pion code pion/webrtc#1803
• Fix crash in samplebuilder.PopWithTimestamp pion/webrtc#1838
• Fix crash when a PC callback is reset pion/webrtc#1872
• Samplebuilder is broken in v3.0.31 pion/webrtc#1839
• Fix building with gccgo pion/transport#200 golang/go#52512
• The AV1 parser is inefficient pion/rtp#265 pion/rtp#266

It does not seem the mailing list has a publicly visible archive. The tone of the webpage and hacker news postings imply that the mailing list is the preferred way to contact the developers, but I was hopeful I can read through the archive before asking redundant questions. I tried without and with making an account at https://lists.galene.org/postorius/lists/galene.lists.galene.org/ but the archive did not seem visible anywhere (hopefully I did not miss something obvious).

Any plans to make the archive visible?

Hi all,

I'm certainly doing something wrong but I don't manage to create a working group, even a very simple one, copying the default public group configuration. What happens is that the Op can log in, but nobody can join the group as the server seems to kick them : the group is locked.

The most simple configuration I tried is the following one, without further success:

{
    "op": [{"username": "OP_USER", "password": "OP_PASSWORD"}],
    "presenter": [{}]
}

I tried the various option of the documentation. I even tried to copy the public group's config in a new file. Even then I'm locked out of the group as a simple user.

What am I doing wrong?

Thanks.

First of all, this is an amazing tool! Thank you!

I set up a public room on my server and the following two configs work fine:

{
  "public": true,
  "op": [{}],
  "presenter": [{}],
  "max-users": 100
}

{
  "public": true,
  "op": [{}],
  "presenter": [],
  "max-users": 100
}

But this last one does not work:

{
  "public": true,
  "op": [],
  "presenter": [],
  "max-users": 100
}

It reports the following when I try to log in with arbitrary user name and empty password:

The change was turning "op": [{}] (working) into "op": []. It is subtle and minor thing, and not really a problem, but I was surprised it is not working, especially given that an empty list seems like the semantically correct line. Given that it is a minor two-character change, I imagine I was not the only one who had a non-working public room on their first attempt.

I had galene-0.1 working back in January. I recently upgraded to the latest code on GitHub, but now I can't start any audio, video, or screen sharing. I've tested with Firefox, Chromium, and Safari.

After I click on the Ready button and allow the camera and microphone, I get the error message, "The Server said: negotiation failed" in the browser. On the server I get the error, "gotOffer: SetRemoteDescription called with no ice-ufrag".

I get the same errors on galene-0.2. If I go back to version 0.1, everything works again.

Galene is configured to use a TURN server running Coturn on a Digital Ocean droplet. Coturn's use-auth-secret option is commented out, so I did not specify "credentialType": "hmac-sha1" in the ice-servers.json file.

Do I need to change my configuration in some way for version 0.2 and later?

Thanks.

Hi, thanks a lot for this great software !
I know it's not an issue with galene, but rather with apache config, but well, I'm a bit stuck:
I can have galene work well in insecure mode, but without sound and audio: I think I've understood this is normal ?
When I install galene behind apache (reverse proxy), TLS fails:

• I've tried to configure apache to point to the cert created with your openssl command, but "SSL_ERROR_RX_RECORD_TOO_LONG"
• I've also configured apache with certbot, but then "internal server error" and "http: TLS handshake error"

Any hint about how to configure galene behind apache as reverse proxy ?
Thanks a lot !

Here is my apache config:

<VirtualHost *:80>
  ServerName audio.cerisara.fr
  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:8443/ flushpackets=on
  ProxyPassReverse / http://127.0.0.1:8443/

  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://127.0.0.1:8443/$1 [P,L]

# RewriteCond %{SERVER_NAME} =audio.cerisara.fr
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost _default_:443>
  ServerName audio.cerisara.fr
  ProxyPreserveHost On
  ProxyPass / https://127.0.0.1:8443/ flushpackets=on
  ProxyPassReverse / https://127.0.0.1:8443/

# SSLCertificateFile /etc/letsencrypt/live/audio.cerisara.fr/fullchain.pem
# SSLCertificateKeyFile /etc/letsencrypt/live/audio.cerisara.fr/privkey.pem
# Include /etc/letsencrypt/options-ssl-apache.conf

  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://127.0.0.1:8443/$1 [P,L]
</VirtualHost>

Hello,

I just discovered in the README:

What are subgroups?

Subgroup's are Galène's replacement for what other videoconferencing software calls break-out groups; we have found them to be useful for student practicals, where students work in groups of 2 or 3 people. A subgroup of a group G is simply a group with a name of the form G/H, i.e. the name of G followed by a slash followed by a string H. The administrator can get the list of all active (non-empty) subgroups of the current group with the command /subgroups.

There are two ways to create subgroups. The first is to create them manually, just like ordinary groups: the subgroup G/H is defined by the file groups/G/H.json, i.e. file H.json in a subdirectory of the groups directory. The second is to specify 'allow-subgroups': true in G's definition file. When this flag is specified, any subgroup of G will automatically be created whenever somebody attempts to join it. The created subgroup's configuration is an (almost) exact copy of the supergroup's: identical usernames, passwords and permissions.

This feature seems to be present since 29bd67c on November 22:

commit 29bd67cc2224d662ad8732395630ef43337beb76
Author: Juliusz Chroboczek <[email protected]>
Date:   Sun Nov 22 19:54:54 2020 +0100

    Implement subgroups.

 README         |  2 ++
 group/group.go | 83 +++++++++++++++++++++++++++++++++++++++++++---------------
 2 files changed, 64 insertions(+), 21 deletions(-)

Shame that I notice just now. Anyway, I have been trying the two different ways described by the README and none seems to do it for me:

• The groups/G/H.json way simply does not show either G or H or G/H.
• The allow-subgroups way shows a group that behaves as any normal group. In particular, no subgroup is created.

I have been testing under cf6c120. for today (January 12). Is this supposed to be working or has this feature been removed from the software and not from the README? If the feature has worked one day, I can try to bisect you the commit at which it stops working for me. I will also gladly provide any extra information that you require.

Best,
— Nicolas

I consistently noticed the following behavior:

1. Open a group page
2. Connect to the group
3. go into "Panic" mode, so that the "Ready" button is visible (either because you connected with autoready disabled or because you pushed "Panic")
4. Log out with the "Ready" button visible

What happens is that the "Ready" button does not disappear, even if you are no longer connected (see attached screenshot at the end)

But what is really interesting is that you can press the "Ready" button and the image appears. So this is a way to test your webcam without being connected.

If you press "Panic" when you are disconnected, then the "Ready" button no longer appears so you are back at point 1.

This suggests a feature. That is, if when you are disconnected the "Ready" button becomes a "Test video" button, and it is always on the connection page (that is, already at step 1) then you have a way to ... Test your video of course. The only modification that would be necessary is to have also the webcam selection menu in the setting part even when you are not connected (currently I just have the "Other settings" part)

Hi I discovered galene yesterday and just love it. it's simple and very sober on ressources. I tried to install it on my litlle raspberry pi4, and succeed a simple install without turn server. But I use nginx and forced https. and when I go to my galene instance, it says : "Client sent an HTTP request to an HTTPS server."

What should I do to use it behind a nginx reverse proxy ?

Tx for this great software.

Hello

Thanks/Merci for this amazing application, it works very fine.

I've some users who wants to create dynamically a room without registering it through json edition. (it is not user-friendly ^^).

What is the best way ? to create a default public room named "private" and allowing subgroups then the users have to add their room in the URL ?

Do you think it would be possible for future to allow users to create a new room through the root page ? (and to protect the room by a secret/password).

thanks again !

The file LICENSE is currently misspelled LICENCE. Renaming the file will help detection in GitHub and distribution packaging (I am working on packaging for openSUSE).

It would be useful if Galene could sanity-check the config on startup. In particular:

• Read all config files and verify their syntax and semantics, log any errors
• Try out the ICE config and log success/failure to connect to each candidate

This would make it easier to be sure that the config works after a change/restart. Maybe even (optionally?) fail to startup if there's an error, so the failure can be picked up by 'systemctl restart'?

With statik(https://github.com/rakyll/statik), so you juste have to deploy one binary.

Scenario causing the issue:

• All users join a room,
• User already in the room start sharing or unsharing (Ready/Panic), the video grid is in the same order for all participants,
• One user reload their webpage and loses the order of the grid.

It would be nice to have consistent grid order between all clients as it would enable people to point to their partners, which is not something working well in other meeting software.

I did not look in details yet but I guess this is caused by the client receiving WebRTC tracks in disorder and then creating HTML elements (in disorder).
What is your opinion about explicitly ordering the grid with WebRTC track identifiers ? I might try writing a pull request if you consider this as useful.

In a group with "presenter": [{}] I can login with the same username multiple times (from different browsers). This makes it impossible for an op to distinguish them for a user-targeting command like /kick or /mute.

Could it be possible to enforce the uniqueness of usernames in such groups? The user could be given a message like for example "This username is already taken, please chose another one".

The code that writes a video to disk (diskwriter.go) has a number of limitations:

• it does not react correctly to persistent packet loss (both a packet and its resent copy being lost), which occasionally causes corruption;
• it loses a small number of frames at the end of a video;
• it does not properly terminate the container file, which is not seekable unless it is postprocessed.

Fixing this will require changes to both the samplebuilder and webm libraries that the disk writer uses.

The current authentication and authorisation scheme is simple and expressive, but has some limitations:

• if a user is authorised in multiple groups, their password entry needs to be duplicated (there is no global password file);
• there is no means of authentication delegation ("login with Github").

On the latter point, one must carefully distinguish between authentication and authorisation. Protocols such as OAuth2 delegate authentication — they say e.g. that a user has authentic Github credentials, but they say nothing about whether said user is allowed to access a given instance of Galène.

Please refrain from commenting about how horrible OAuth2 is. This is true, but quite besides the point.

Hello,

I remember testing a very early version of Galène when it had no name yet, and didn't have CSS either. I also recall that it worked without needing javascript, but anyways...

I'm wondering if it would be possible to use Galène in a very basic mode when Javascript is disabled, the supported version of the browser is out of date, or the browser is not the latest Firefox, with for example only receiving the video and audio, while not being able to talk. It would make the server usable on old and less powerful hardware that some of the less fortune students use to follow there classes.

kerneis:/usr/local/src/galene$ cat /etc/debian_version 
10.7
kerneis:/usr/local/src/galene$ CGO_ENABLED=0 go build -ldflags='-s -w'
build github.com/jech/galene: cannot find module for path crypto/ed25519
kerneis:/usr/local/src/galene$ go version
go version go1.11.6 linux/amd64

It would be nice if the README specified the minimal required version of the compiler.

I've installed Galene a few days ago from GitHub. The README mentions -turn command-line flag, but when trying to use it (both with arguments and without), I get

flag provided but not defined: -turn
Usage of ./galene:
  -cpuprofile file
        store CPU profile in file
  -data directory
        data directory (default "./data/")
  -groups directory
        group description directory (default "./groups/")
  -http address
        web server address (default ":8443")
  -insecure
        act as an HTTP server rather than HTTPS
  -mdns
        gather mDNS addresses
  -memprofile file
        store memory profile in file
  -mutexprofile file
        store mutex profile in file
  -recordings directory
        recordings directory (default "./recordings/")
  -redirect host
        redirect to canonical host
  -relay-only
        require use of TURN relays for all media traffic
  -static directory
        web server root directory (default "./static/")

Administrators need some clues while hosting galene services.
Something standard, from the outside (without joining any rooms).

Golang's pprof

Golang can expose pprof stuff as HTTP, providing some client tools.

Application stats

Galene already has webrtc stats for each rooms

Prometheus endpoint

Prometheus is the de facto tool for exposing metrics.
It can be read with Prometheus and other time series collector, like telegraf.
Prometheus endpoint is human readable, with comments.

Security

The draft use a private website, listening on localhost, authentication should be added

UI

For now, there is no UI, just REST endpoints.

See #23

Hi,

After recording a session with several participants and screen shares, galene produces a .webm file for each video stream.

Do you have any plans/ideas about how to mix these files together to replay a session?
My use case is to replay a lecture so student who missed it can see it as it was.

Hi!

I could not start a meeting today because video streams were not transmitted.
I suspect my university's network is the culprit here, it is known to block some random (useful) ports.
Unfortunately, I'm new to this kind of debugging so I'd be glad if you could give some hints how to identify the problem.

Here is some context I think might be relevant:

• it was a two people meeting
• on both ends we could watch our own video but not the other person's (hence my guess that this is firewall/network related)
• we could see each other as "connected" in the left menu and the chat was working
• that was the first time I was using Galène from my university
• I've been using Galène successfully from home for the past few weeks on the same laptop
• I know one other person who has had the same issue on eduroam (also known to block too many ports)
• Jitsi works fine on the same network

Thanks in advance if you can give me some advice how to debug this and let me know if I can do something useful for Galène on this front.
Btw, thanks for making Galène, it is great! It is certainly one of the best open source options for videoconferencing at the moment.

If one disable webrtc (about:config => media.peerconnection.enabled set to false), galene will silently fail with a error in the web console:

Uncaught (in promise) ReferenceError: RTCPeerConnection is not defined
    newUpStream https://galene.example.org/protocol.js:406
    newUpStream https://galene.example.org/galene.js:779
    addLocalMedia https://galene.example.org/galene.js:1066

This setting is documented on https://wiki.mozilla.org/Media/WebRTC/Privacy

While that's not a default configuration, some people disable Webrtc for privacy (with https://addons.mozilla.org/en-US/firefox/addon/happy-bonobo-disable-webrtc/ , and afaik, the Tor browser do it).

I'm currently working on the context menu of Pyrite(https://github.com/garage44/pyrite/issues/15). To be able
to show the right options, I need to be able to tell what permissions other users have. I'll try to make a PR
out of it.