Congrats on the launch jech! These are the things that have made me really excited about Galène. If you are doing broadcasting/teaching you really can't beat it.
* The build/deploy is INSANELY easy. `go build` and a certificate.
* UI is a joy to use. Load it up, no frustrating loading screens or spinners. A clean layout that effectively uses the screen real estate.
* UI/Backend is decoupled and documented. Read `README.FRONTEND` it clearly lays out how to bring your own frontend.
* Built in a way you can learn from. The code is clear and concise, I have learned a lot from reading it and brought back ideas to my own work!
> Please don't post insinuations about astroturfing, shilling, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
Sean is the benevolent dictator of the Pion WebRTC library (https://github.com/pion/webrtc/), which is at the core of Galène. He was aware I'd be posting on HN, but we didn't arrange anything in advance, if that's what you're implying.
Great, works out of the box. I'd add an anonymous option to the login, even though you can leave the password empty.
Also, an indicator if TURN is used and if it's non-encrypted or encrypted would be great.
I haven't thought about it seriously, but I was thinking about simply using a shared key (PBKDF2, since that is implemented in the browser), with a symmetric cipher and HMAC.
To tell the truth, I haven't seen much demand for end-to-end: this is a web application, so an attacker who controls the server can simply serve Javascript with a backdoor.
Makes sense. WebRTC seems to address a lot of the security concerns [1], and with it being a web-application served remotely, not much need for e2e. Though, if you were to host the application locally, and manage the updates yourself you may want to have some form of e2e.
Remember it was initially implemented to support giving lectures to tens of students, who may join late or leave early. Having to teach remotely, let's try to at least not reproduce the annoyance of the physical world with the noise of the classroom's door ;-)
Jitsi is a great piece of software, as are the other alternatives listed on the web page. The opposition is not with other self-hosted videoconferencing solutions, but with cloud-based systems that impose restrictive usage conditions.
How do we convince people to switch to self-hosted solutions? I think that part of the solution lies in making them easier to deploy: ideally every high school, every community college should be able to have their own videoconferencing server, which can be used for lectures, for practicals, for student-teacher meetings ("office hours"), and hopefully for student socialisation (although in my experience students tend to prefer Discord, notwithstanding their outrageous usage conditions).
Galène is designed to be as easy and cheap to deploy as reasonable. It also has a number of features that make it useful for practicals (sharing multiple windows simultaneously, automatic creation of subgroups), which we found very difficult to organise online during the first French lockdown.
That's already implemented. Connect as an administrator and type /help in the chat window. (Your weapons are /warn, /mute, /kick, and /lock, in increasing order of severity.)
I thought the same. Really cool they list the alternatives on the project page. But a little something on why they did not use the alternatives but built their own would be very helpful for those evaluating the options.
Nice. I have been toying in this space myself and programmatic alternatives to the existing solutions I think are the way forward.
The future features are exactly what I'm looking for. Namely simulcast support to help bandwidth limited clients and server scalability/redundancy especially in a WAN scenario.
- it would be good to document/visualise the different components. AFAICT coturn is used to connect peers; what is galene responsible for? Signalling and room management?
- A big, clear link to the code on Github is always nice
Galène is not peer-to-peer: it's a traditional centralised server, where all media traffic goes through Galène. TURN is only used if the user's network blocks the UDP traffic between the client and Galène (TURN can use TCP, and can run on an unblocked port such as 443 or 1194).
Before Galène, I experimented with a pure peer-to-peer system, with end-to-end encryption. I found it to be too unreliable for group communication: with just 5 people in a group, you need to establish 10 peer-to-peer WebRTC flows, and the likelihood that all of them work well is essentially zero.
Thank NAT for that. I wonder how many hundreds of billions of dollars in hidden overhead it costs us annually by making peer to peer unreliable and complicating everything. Then throw in all the power consumed by all the cloud infrastructure we wouldn’t need.
“Null” in languages like Java has been called a trillion dollar mistake. NAT is probably worse.
Very interesting. How does it work scaling? Possible to have one loadbalancer with multiple servers? With autscaling? Or only works with one server for now?
For one-to-many communication (lectures), the behaviour is linear, and Galène should be able to serve about 400 participants per core
Scaling wise what are you trying to do?
* You can put different rooms on different servers. They don't have to aware of each other.
* If you want to scale out the broadcast case you will probably want to follow the ingest pattern. Have one server forward to n with viewers.
* If you want really large conference calls you will need to think about the experience. Residential internet can only accept so many incoming feeds. Do you want to enable/disable them on the fly? Do you want to have 'active speaker' only view etc.. not just a scaling problem but also UX.
> You can put different rooms on different servers. They don't have to aware of each other.
Yes. You could then use a reverse HTTPS proxy to route each client to the right instance of Galène.
For very large groups, that need to be split between multiple servers, you'll need to wait until we implement server federation (distributing a group over multiple, geographically distant servers). I know for a fact that Jitsi implements federation, not sure about Ion-SFU.
How would I actually go about doing this? By default I can see that the process binds to localhost:8443, which is not accessible via other devices. Running the following command doesn't seem to work either:
galene -http 0.0.0.0:8443
Using a nginx server as a reverse proxy, I have the following that works for HTTP but not WebSocket:
server {
server_name galene.domain.com;
location / {
proxy_pass https://127.0.0.1:8443/;
proxy_set_header Host $host;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/natfan.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/natfan.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Thoughts? Happy to move this to Github if that's easier too.
By default, we bind to ":8443", which is Go's notation for port 8443 on all IP addresses, IPv4 and IPv6.
Galène's WebSocket is located at /ws, and I believe that nginx requires that you configure this specially. See https://www.nginx.com/blog/websocket-nginx/.
An alternative to reverse proxying is to use HTTP redirects: you can define a group as
Does this mean that the server has to send n identical packets for every packet that would have been sent in a 1:1 situation? I don't know if a different solution exists, but this seems wasteful.
Not really. In a p2p scenario with n participants, every participant needs to send (n - 1) copies of the packet. In a centralised scenario, each participant sends just one copy of the packet, and the server duplicates it (n - 1) times.
Whether this is wasteful depends on where the server is located. If the server is close to the receivers, it is a net gain. If the server is in the US while all of the participants are in Europe, it's a terrible waste, since all of the packets need to cross the Atlantic.
Server federation solves the issue: you put one server in the US, one in Europe, and each packet crosses the Atlantic exactly once.
Shouldn't there be some kind of broadcast mode, where TCP/IP solves the problem of routing (n-1) identical packets in the most efficient way possible?
How does this work when e.g. the BBC broadcasts an internet live stream with millions of viewers? Shouldn't a conference call work in essentially the same way?
Duplicating a packet in the network is called multicast, and it isn't implemented in the real Internet.
Most large-scale broadcasts use technologies such as HTTP Live Streaming (HLS) or MPEG-DASH, which carve a video into 3-second intervals that are then distributed using ordinary HTTP over a CDN. The problem with these technologies is that they have a latency of a few seconds, which means that you cannot have a meaningful conversation over them.
* The build/deploy is INSANELY easy. `go build` and a certificate.
* UI is a joy to use. Load it up, no frustrating loading screens or spinners. A clean layout that effectively uses the screen real estate.
* UI/Backend is decoupled and documented. Read `README.FRONTEND` it clearly lays out how to bring your own frontend.
* Built in a way you can learn from. The code is clear and concise, I have learned a lot from reading it and brought back ideas to my own work!