mirror of https://github.com/jech/galene.git synced 2024-11-08 17:55:59 +01:00
The Galène videoconference server
Juliusz Chroboczek 1ec0e7540a Passive ICE TCP.
2020-10-02 23:48:33 +02:00

# Installation

## Build the server binary

    CGO_ENABLED=0 go build -ldflags='-s -w'

## Create a server certificate

    mkdir data
    openssl req -newkey rsa:2048 -nodes -keyout data/key.pem -x509 -days 365 -out data/cert.pem

## Set the server administrator credentials

This step is optional.

    echo 'god:topsecret' > data/passwd

## Set up a TURN server

This step is optional, but unless you set up a TURN server, your server
will be inaccessible from most enterprise and many university networks.
For best results, set up TURN over TCP on port 443 (HTTPS); if port 443 is
not available, port 1194 (OpenVPN) is a good choice.

The address of the TURN server is configured in the file
`data/ice-servers.json`.  It should look like this:

    [{
      "urls":["turn:turn.example.com:443?transport=tcp"],
      "username":"username",
      "credential":"password"
    }]

The *username* and *password* should be the same as the ones in your TURN
server's configuration.

## Set up a group

A group is set up by creating a file `groups/name.json`.  The available
options are described below.

    mkdir groups
    vi groups/public.json

    {
      "public":true,
      "op":[{"username":"jch","password":"1234"}],
      "presenter":[{}],
      "max-clients":100
    }

## Copy the necessary files to your server

Assuming you have set up a user *sfu*:

    rsync -a sfu static data groups sfu@server.example.org:

## Run the server binary

    ssh sfu@server.example.org
    nohup ./sfu &

If you are using *runit*, use a script like the following:

    #!/bin/sh
    exec 2>&1
    cd ~sfu
    exec setuidgid sfu ./sfu

If you are using *systemd*, use `Type=simple` in your service file.

# Locations

There is a landing page at the root of the server.  It contains a form
for typing the name of a group, and a clickable list of public groups.

Groups are available under `/group/groupname`.  You may share this URL
with others; there is no need to go through the landing page.

Recordings can be accessed under `/recordings/groupname`.  This is only
available to the administrator of the group.

Some statistics are available under `/stats`.  This is only available to
the server administrator.


# Group definitions

Groups are defined by files in the directory defined by the `-groups`
command-line option, one per group.  The group definition file does not
contain the name of the group -- that makes it possible to set up a new
group just by copying a template file.

The group definition file contains a JSON dictionary with the following
fields, all of which are optional.

 - `op`, `presenter`, `other`: each of these is an array of user
   definitions (see below) and specifies the users allowed to connect
   respectively with operator privileges, with presenter privileges, and
   as passive listeners;
 - `public`: if true, then the group is visible on the landing page;
 - `description`: a human-readable description of the group; this is
   displayed on the landing page for public groups;
 - `max-clients`: the maximum number of clients that may join the group at
   a time;
 - `allow-recording`: if true, then recording is allowed in this group;
 - `allow-anonymous`: if true, then users may connect with an empty
   username; this is not recommended, since anonymous users are not
   allowed to participate in the chat;
 - `redirect`: if set, then attempts to join the group will be redirected
   to the given URL; most other fields are ignored in this case.
   
A user definition is a dictionary with the following fields:

 - `username`: the username of the user; if omitted, any username is
   allowed;
 - `password`: the password of the user; if omitted, then any password
   (including the empty password) is allowed.
   
For example

    {"username":"jch", "password":"topsecret"}
    
specifies user *jch* with password *topsecret*, while

    {"password":"topsecret"}
    
specifies that any username will do.  The empty dictionary

    {}
    
specifies that any username will do and that passwords are not verified.
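
Because an omitted `password` means that any password is accepted, it is worth checking which roles a definition file actually leaves open. The Go program below is an added example, not part of Galène: it parses a group definition and lists every user entry without a `password`, plus `allow-anonymous`. The names `audit`, `user`, `group` and the sample definition are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Only the audited fields; a nil pointer means the key was omitted.
type user struct{ Username, Password *string }
type group struct {
	Op, Presenter, Other []user // keys match case-insensitively
	AllowAnonymous       bool   `json:"allow-anonymous"`
}

// audit reports each user entry that omits "password", per role.
func audit(def []byte) ([]string, error) {
	var g group
	if err := json.Unmarshal(def, &g); err != nil {
		return nil, err
	}
	var out []string
	names := []string{"op", "presenter", "other"}
	for r, users := range [][]user{g.Op, g.Presenter, g.Other} {
		for i, u := range users {
			who := "any username"
			if u.Username != nil {
				who = fmt.Sprintf("user %q", *u.Username)
			}
			if u.Password == nil {
				out = append(out, fmt.Sprintf("%s[%d]: %s accepted with any password", names[r], i, who))
			}
		}
	}
	if g.AllowAnonymous {
		out = append(out, "allow-anonymous: empty usernames accepted")
	}
	return out, nil
}

// sample is a constructed group definition, not one shipped with Galène.
const sample = `{"op": [{"username": "jch", "password": "1234"}, {"username": "alice"}],
  "presenter": [{}], "other": [{"password": "topsecret"}], "allow-anonymous": true}`

func main() {
	findings, _ := audit([]byte(sample)) // the constructed sample is valid JSON
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

An entry such as `{"password":"topsecret"}` is not reported, since it still requires the shared password even though any username is accepted.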


# Commands

Typing a line starting with a slash `/` in the chat dialogue causes
a command to be sent to the server.  The following commands are available
to all users:

 - `/msg user text`: sends a private message;
 - `/me text`: sends a chat message starting with the sender's username;
 - `/leave`: equivalent to clicking the *Disconnect* button;
 - `/set var val`: sets the value of a configuration variable without any
   error checking; without parameters, displays the current configuration;
 - `/unset var`: removes a configuration variable.
 
The following commands are only available to users with operator
privileges:

 - `/clear`: clears the chat history for all users;
 - `/lock message`: prevents any new users from connecting to the group unless
   they have operator privileges;
 - `/unlock`: reverts the effect of `/lock`;
 - `/record`: starts recording;
 - `/unrecord`: stops recording;
 - `/op user`: gives operator privileges to a user;
 - `/unop user`: takes away operator privileges;
 - `/present user`: gives presenter privileges to a user;
 - `/unpresent user`: takes away presenter privileges from a user and
   forcibly closes any presentations from that user that may be taking place;
 - `/kick user`: forcibly disconnects a user from the group.

--- Juliusz Chroboczek <https://www.irif.fr/~jch/>