Galène is lightweight, but security still depends on strict group policy files, trusted ICE/TURN configuration, and tight admin endpoint exposure.

| Attribute | Details |
|---|---|
| License | MIT |
| Technical Stack | Go (server), JavaScript (client) |
| Security Model | Group-based access control |
| Documentation | galene.org |

Never use open access for sensitive meetings:

```json
{
  "public": false,
  "description": "Private team room",
  "users": {
    "alice": {
      "password": "hashed-password-here",
      "permissions": "op"
    },
    "bob": {
      "password": "hashed-password-here",
      "permissions": "present"
    }
  }
}
```

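Use bcrypt or a similar password-hashing scheme for password storage:

```bash
# Generate password hash (example using htpasswd)
# -B selects bcrypt; -b takes the password on the command line, where it is
# visible in shell history and the process list (omit -b to be prompted)
htpasswd -nbB username password
```

```bash
# Allow only required ports
sudo ufw allow 8443/tcp  # HTTPS
sudo ufw allow 443/tcp   # If using reverse proxy

# Deny direct access if using reverse proxy
sudo ufw deny 8443/tcp
```
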
Always use TLS in production:

```nginx
server {
    listen 443 ssl http2;

    # Strong TLS settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;

    # HSTS
    add_header Strict-Transport-Security "max-age=63072000" always;
}
```

Use authenticated TURN relays:

```json
{
  "turn": [
    {
      "urls": ["turn:turn.example.com:3478"],
      "username": "galene-user",
      "credential": "strong-turn-password"
    }
  ]
}
```

```ini
# /etc/turnserver.conf
listening-port=3478
tls-listening-port=5349
min-port=49152
max-port=65535
realm=turn.example.com
server-name=turn.example.com
lt-cred-mech
user=galene-user:strong-password
```

```bash
# Check current version
galene --version

# Rebuild from source
cd /tmp/galene-build
git pull origin master
CGO_ENABLED=0 go build -ldflags='-s -w'
sudo cp galene /usr/local/bin/
sudo systemctl restart galene
```

```bash
# View recent auth failures
sudo journalctl -u galene | grep -i 'auth\|fail\|denied'

# Monitor active connections
sudo journalctl -u galene -f | grep -E 'join|leave|connect'
```

```bash
# Check group file permissions
sudo ls -l /etc/galene/groups/

# Verify no anonymous access
sudo grep -R "allow-anonymous\|public.*true" /etc/galene/groups/

# Check listening ports
sudo ss -tulpn | grep -E ':8443|:443'

# Review service status
sudo systemctl status galene

# Check TLS certificate
echo | openssl s_client -connect localhost:8443 2>/dev/null | openssl x509 -noout -dates
```

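
A structural version of the group file permission and anonymous-access checks, added here as an example (it is not part of Galène or of the original page): it parses each group file instead of pattern-matching it, so a `description` that happens to contain "public ... true" is not flagged. It assumes the flat `users`/`password` layout shown on this page and bcrypt hashes in the form `htpasswd -B` prints; `audit_group`, `audit_dir` and the sample data are hypothetical.

```python
import json
import stat
import tempfile
from pathlib import Path

# Shape of a bcrypt hash as printed by `htpasswd -B`: $2y$<cost>$ + 53 chars.
BCRYPT_RE = re_compile = __import__("re").compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")

def audit_group(path):
    """Return the list of findings for one group file (empty list = clean)."""
    path = Path(path)
    findings = []
    # Group files hold credentials, so other local users should not reach them.
    if stat.S_IMODE(path.stat().st_mode) & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("file is readable or writable by other users")
    try:
        group = json.loads(path.read_text(encoding="utf-8"))
    except ValueError as exc:
        return findings + [f"unparseable: {exc}"]
    if not isinstance(group, dict):
        return findings + ["top level is not a JSON object"]
    # Compare parsed values, not text, so free-form fields cannot match.
    if group.get("public") is True:
        findings.append("public is true")
    if group.get("allow-anonymous") is True:
        findings.append("allow-anonymous is true")
    users = group.get("users")
    for name, user in (users.items() if isinstance(users, dict) else []):
        pw = user.get("password") if isinstance(user, dict) else None
        if not (isinstance(pw, str) and BCRYPT_RE.match(pw)):
            findings.append(f"user {name!r}: password is not a bcrypt hash")
    return findings

def audit_dir(directory):
    """Map file name -> findings for every *.json group file with findings."""
    report = {}
    for p in sorted(Path(directory).glob("*.json")):
        found = audit_group(p)
        if found:
            report[p.name] = found
    return report

if __name__ == "__main__":
    # Constructed sample group file, written to a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "demo.json"
        sample.write_text(json.dumps({"public": True, "users": {
            "bob": {"password": "hunter2", "permissions": "present"}}}))
        sample.chmod(0o644)
        for name, found in audit_dir(d).items():
            print(name, found)
```

Run `audit_dir` against the groups directory as a user that can read it; an empty result means no file tripped any of the four checks.
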
| Resource | URL |
|---|---|
| Galène Documentation | galene.org |
| Source Repository | github.com/jech/galene |
| Group Configuration | github.com/jech/galene/blob/master/README.PROTOCOL |
| FAQ | galene.org/faq.html |