mirror of
https://github.com/jech/galene.git
synced 2024-12-22 15:25:48 +01:00
The Galène videoconference server
5e130122f5
We already send NACKs when a packet is missing. Under high packet loss, however, the recovery packet might get lost too. Forward receiver NACKs to the sender, but only after a delay and after checking that the packet has not arrived in the meantime.
# Installation
## Build the server binary
    CGO_ENABLED=0 go build -ldflags='-s -w'
## Create a server certificate
    mkdir data
    openssl req -newkey rsa:2048 -nodes -keyout data/key.pem -x509 -days 365 -out data/cert.pem
## Set the server administrator credentials
This step is optional.

    echo 'god:topsecret' > data/passwd
## Set up a TURN server
This step is optional, but unless you set up a TURN server, your server
will be inaccessible from most enterprise and many university networks.
For best results, set up TURN over TCP on port 443 (HTTPS); if port 443 is
not available, port 1194 (OpenVPN) is a good choice.
The address of the TURN server is configured in the file
`data/ice-servers.json`. It should look like this:

    [{
        "urls":["turn:turn.example.com:443?transport=tcp"],
        "username":"username",
        "credential":"password"
    }]

The *username* and *password* should be the same as the ones in your TURN
server's configuration.
## Set up a group
A group is set up by creating a file `groups/name.json`. The available
options are described below.

    mkdir groups
    vi groups/public.json

    {
        "public":true,
        "op":[{"username":"jch","password":"1234"}],
        "presenter":[{}],
        "max-clients":100
    }

## Copy the necessary files to your server:
Assuming you have set up a user *sfu*:

    rsync -a sfu static data groups sfu@server.example.org:
## Run the server binary:
    ssh sfu@server.example.org
    nohup ./sfu &

If you are using *runit*, use a script like the following:

    #!/bin/sh
    exec 2>&1
    cd ~sfu
    exec setuidgid sfu ./sfu

If you are using *systemd*, use `Type=simple` in your service file.
# Locations
There is a landing page at the root of the server. It contains a form
for typing the name of a group, and a clickable list of public groups.
Groups are available under `/group/groupname`. You may share this URL
with others; there is no need to go through the landing page.
Recordings can be accessed under `/recordings/groupname`. This is only
available to the administrator of the group.
Some statistics are available under `/stats`. This is only available to
the server administrator.
# Group definitions
Groups are defined by files in the directory defined by the `-groups`
command-line option, one per group. The group definition file does not
contain the name of the group -- that makes it possible to set up a new
group just by copying a template file.
The group definition file contains a JSON dictionary with the following
fields, all of which are optional.
- `op`, `presenter`, `other`: each of these is an array of user
definitions (see below) and specifies the users allowed to connect
respectively with operator privileges, with presenter privileges, and
as passive listeners;
- `public`: if true, then the group is visible on the landing page;
- `description`: a human-readable description of the group; this is
displayed on the landing page for public groups;
- `max-clients`: the maximum number of clients that may join the group at
a time;
- `max-history-age`: the time, in seconds, during which chat history is
kept (default 14400, i.e. 4 hours);
- `allow-recording`: if true, then recording is allowed in this group;
- `allow-anonymous`: if true, then users may connect with an empty username;
- `redirect`: if set, then attempts to join the group will be redirected
to the given URL; most other fields are ignored in this case.
A user definition is a dictionary with the following fields:
- `username`: the username of the user; if omitted, any username is
allowed;
- `password`: the password of the user; if omitted, then any password
(including the empty password) is allowed.
For example,

    {"username":"jch", "password":"topsecret"}

specifies user *jch* with password *topsecret*, while

    {"password":"topsecret"}

specifies that any username will do. The empty dictionary

    {}

specifies that any username will do and that passwords are not verified.
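
Under these rules, a single entry without a `password` field admits logins at that privilege level with no password check. The following added example (not part of Galène; the struct layout and the `Audit` function are assumptions modelled on the description above) lists such entries in a group definition:

```go
package main

import (
	"encoding/json"
	"fmt"
)

// UserDef: a nil pointer means the field was omitted from the JSON.
type UserDef struct{ Username, Password *string }

// GroupDef holds only the fields this audit reads; encoding/json matches keys case-insensitively.
type GroupDef struct {
	Op, Presenter, Other []UserDef
	Public               bool
}

// Audit lists each user definition that admits a login without a password check.
func Audit(data []byte) ([]string, error) {
	var g GroupDef
	if err := json.Unmarshal(data, &g); err != nil {
		return nil, err
	}
	var findings []string
	levels := [][]UserDef{g.Op, g.Presenter, g.Other}
	for n, name := range []string{"op", "presenter", "other"} {
		for i, d := range levels[n] {
			if d.Password != nil {
				continue // this entry requires a password
			}
			who := "any username"
			if d.Username != nil {
				who = "username " + *d.Username
			}
			findings = append(findings, fmt.Sprintf("%s[%d]: %s, password not verified (public=%v)", name, i, who, g.Public))
		}
	}
	return findings, nil
}

func main() {
	// Constructed sample: the README's public.json plus an op entry without a password.
	sample := `{"public":true,"op":[{"username":"jch","password":"1234"},{"username":"guest"}],"presenter":[{}]}`
	findings, err := Audit([]byte(sample))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

A finding under `op` deserves the closest look, since operators can record, kick users and grant privileges to others.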
# Commands
Typing a line starting with a slash `/` in the chat dialogue causes
a command to be sent to the server. The following commands are available
to all users:
- `/msg user text`: sends a private message;
- `/me text`: sends a chat message starting with the sender's username;
- `/leave`: equivalent to clicking the *Disconnect* button;
- `/set var val`: sets the value of a configuration variable without any
error checking. Without parameters, displays the current configuration.
- `/unset var`: removes a configuration variable.
The following commands are only available to users with operator
privileges:
- `/clear`: clears the chat history for all users;
- `/lock message`: prevents any new users from connecting to the group unless
they have operator privileges;
- `/unlock`: reverts the effect of `/lock`;
- `/record`: starts recording;
- `/unrecord`: stops recording;
- `/op user`: gives operator privileges to a user;
- `/unop user`: takes away operator privileges;
- `/present user`: gives presenter privileges to a user;
- `/unpresent user`: takes away presenter privileges from a user and
forcibly closes any presentations from that user that may be taking place;
- `/kick user`: forcibly disconnects a user from the group.
--- Juliusz Chroboczek <https://www.irif.fr/~jch/>