mirror of
https://github.com/jech/galene.git
synced 2024-11-25 10:05:58 +01:00
The Galène videoconference server
conn | ||
data | ||
disk | ||
estimator | ||
group | ||
jitter | ||
packetcache | ||
rtpconn | ||
rtptime | ||
static | ||
stats | ||
webserver | ||
.gitignore | ||
go.mod | ||
go.sum | ||
README | ||
README.FRONTEND | ||
sfu.go |
# Installation ## Build the server binary CGO_ENABLED=0 go build -ldflags='-s -w' ## Create a server certificate mkdir data openssl req -newkey rsa:2048 -nodes -keyout data/key.pem -x509 -days 365 -out data/cert.pem ## Set the server administrator credentials This step is optional. echo 'god:topsecret' > data/passwd ## Set up a TURN server This step is optional, but unless you set up a TURN server, your server will be inaccessible from most enterprise and many university networks. For best results, set up TURN over TCP on port 443 (HTTPS); if port 443 is not available, port 1194 (OpenVPN) is a good choice. The address of the TURN server is configured in the file `data/ice-servers.json`. It should look like this: [{ "urls":["turn:turn.example.com:443?transport=tcp"], "username":"username", "credential":"password" }] The *username* and *password* should be the same as the ones in your TURN server's configuration. ## Set up a group A group is set up by creating a file `groups/name.json`. The available options are described below. mkdir groups vi groups/public.json { "public":true, "op":[{"username":"jch","password":"1234"}], "presenter":[{}], "max-users":100 } ## Copy the necessary files to your server: Assuming you have set up a user *sfu*: rsync -a sfu static data sfu@groups server.example.org:/home/sfu/ ## Run the server binary: ssh sfu@server.example.org nohup ./sfu & If you are using *runit*, use a script like the following: #!/bin/sh exec 2>&1 cd ~sfu exec setuidgid sfu ./sfu If you are using *systemd*, use `Type=simple` in your service file. # Locations There is a landing page at the root of the server. It contains a form for typing the name of a group, and a clickable list of public groups. Groups are available under `/group/groupname`. You may share this URL with others, there is no need to go through the landing page. Recordings can be accessed under `/recordings/groupname`. This is only available to the administrator of the group. Some statistics are available under `/stats`. This is only available to the server administrator. # Group definitions Groups are defined by files in the directory defined by the `-groups` command-line option, one per group. The group definition file does not contain the name of the group -- that makes it possible to set up a new group just by copying a template file. The group definition file contains a JSON directory with the following fields, all of which are optional. - `op`, `presenter`, `other`: each of these is an array of user definitions (see below) and specifies the users allowed to connect respectively with operator privileges, with presenter privileges, and as passive listeners; - `public`: if true, then the group is visible on the landing page; - `max-clients`: the maximum number of clients that may join the group at a time; - `allow-recording`: if true, then recording is allowed in this group; - `allow-anonymous`: if true, then users may connect with an empty username; this is not recommended, since anonymous users are not allowed to participate in the chat; - `redirect`: if set, then attempts to join the group will be redirected to the given URL; most other fields are ignored in this case. A user definition is a dictionary with the following fields: - `username`: the username of the user; if omitted, any username is allowed; - `password`: the password of the user; if omitted, then any password (including the empty paassword) is allowed. For example {"username":"jch", "password":"topsecret"} specifies user *jch* with password *topsecret*, while {"password":"topsecret"} specifies that any username will do. The empty dictionary {} specifies that any username will do and that passwords are not verified. # Commands Typing a line starting with a slash `/` in the chat dialogue causes a command to be sent to the server. The following commands are available to all users: - `/me text`: sends a chat message starting with the sender's username; - `/leave`: equivalent to clicking the *Disconnect* button. - `/set var val`: sets the value of a configuration variable without any error checking. Without parameters, displays the current configuration. - `/unset var`: removes a configuration variable. The following commands are only available to users with operator privileges: - `/clear`: clears the chat history for all users; - `/lock message`: prevents any new users from connecting to the group unless they have operator privileges; - `/unlock`: reverts the effect of `/lock`; - `/record`: start recording; - `/unrecord`: stop recording; - `/op user`: gives operator privileges to a user; - `/unop user`: takes away operator privileges; - `/present user`: gives presenter privileges to a user; - `/unpresent user`: takes away presenter privileges from a user and forcibly closes any presentations from that user that may be taking place; - `/kick user`: forcibly disconnects a user from the group. --- Juliusz Chroboczek <https://www.irif.fr/~jch/>