Galène is configured mainly through JSON group files and runtime flags.
A good production setup defines strict room roles, TURN fallback, and bounded recording/storage behavior.
| Attribute | Details |
|---|---|
| License | MIT |
| Technical Stack | Go (server), JavaScript (client) |
| Config Location | /etc/galene/groups/ |
| Data Directory | /var/lib/galene/ |
Group files are stored in the group directory (default: /etc/galene/groups/).
{
"public": true,
"description": "Engineering team room",
"users": {
"moderator": {
"password": "secure-password",
"permissions": "op"
},
"presenter": {
"password": "present-password",
"permissions": "present"
},
"viewer": {
"password": "view-password",
"permissions": "view"
}
}
}
| Permission | Description |
|---|---|
op |
Operator - full control, can manage users |
present |
Presenter - can share video, audio, screen |
view |
Viewer - can only watch |
{
"public": false,
"description": "Private meeting room",
"authKeys": [
{
"kty": "oct",
"alg": "HS256",
"k": "base64-encoded-secret-key"
}
],
"users": {
"admin": {
"password": "hashed-password",
"permissions": "op"
}
},
"maxUsers": 50,
"recording": true
}
Galène generates self-signed certificates by default. For production:
server {
listen 443 ssl http2;
server_name galene.example.com;
ssl_certificate /etc/letsencrypt/live/galene.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/galene.example.com/privkey.pem;
location / {
proxy_pass https://127.0.0.1:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support (required)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
For clients behind restrictive firewalls, configure a TURN server:
{
"turn": [
{
"urls": ["turn:turn.example.com:3478"],
"username": "galene",
"credential": "turn-password"
}
]
}
/etc/galene/groups/
├── public.json # Open access, limited permissions
├── team.json # Team meetings, authenticated users
├── executive.json # Private, op permissions only
└── webinar.json # Large audience, view-only mostly
In group configuration:
{
"recording": true,
"recordingPath": "/var/lib/galene/recordings"
}
# Check recording disk usage
du -sh /var/lib/galene/recordings/*
# Set up retention policy (cron)
0 2 * * 0 find /var/lib/galene/recordings -type f -mtime +90 -delete
Galène supports command-line flags:
| Flag | Description | Default |
|---|---|---|
-data-dir |
Data directory | ./data |
-group-dir |
Group configuration directory | ./groups |
-http |
HTTP listen address | :8080 |
-https |
HTTPS listen address | :8443 |
-tls |
Enable TLS | true |
Example systemd service:
[Service]
ExecStart=/usr/local/bin/galene -data-dir /var/lib/galene -group-dir /etc/galene/groups -https :8443
# Create backup
tar -czf galene-backup-$(date +%Y%m%d).tar.gz \
/etc/galene/groups \
/var/lib/galene/recordings \
/var/lib/galene/static
# Check service status
sudo systemctl status galene
# View group configurations
sudo ls -l /etc/galene/groups/
# Check group file syntax
sudo cat /etc/galene/groups/*.json | python3 -m json.tool
# View logs
sudo journalctl -u galene --since "1 hour ago"
# Check listening ports
sudo ss -tulpn | grep galene
Any questions?
Feel free to contact us. Find all contact information on our contact page.