Galène videoconferencing server discussion list archives
From: "Rémy Dernat" <remy.dernat@umontpellier.fr>
To: galene@lists.galene.org
Subject: [Galene] Re: Galene in Docker [was: ANNOUNCE: galene-0.6.2]
Date: Thu, 12 Jan 2023 19:08:15 +0100
Message-ID: <410ea8f2-1981-8521-62bc-27f2cf5cb073@umontpellier.fr>
In-Reply-To: <20230112103442.14651e37@gato.skoll.ca>


[-- Attachment #1.1.1: Type: text/plain, Size: 2668 bytes --]

Hi,

My Galene server has been running behind an Nginx RP for more than one 
year. I attached my Galene server configuration for nginx. It is really simple.

It needs a Let's Encrypt certificate, but you may be able to do it with 
ZeroSSL or whatever, or even in basic HTTP with no certs.

I also have a "/room" served from this PHP code: 
https://github.com/remyd1/galene_room

You can remove this part safely if not needed.

   - edit it and replace galene.example.tld with your FQDN

   - put this in /etc/nginx/sites-available, and do a symlink to it from 
/etc/nginx/sites-enabled

   - test it with "nginx -t"

   - if it is ok, it should just work as is after restarting the nginx 
service.


However, I have a cron job for LE renewals; when certs are changing, you 
may need to check permissions and reload your HTTP server (my server is 
running under a "galene" user, so this user is using acl ({get,set}facl) 
to access /etc/letsencrypt [1][2]).


Best regards,


[1] in attachments, you can also find a galene.service file to put in 
/etc/systemd/system/, then do "systemctl daemon-reload" (...) "systemctl 
start galene" and an update bash script to update a galene server (my 
galene source code is in /opt/galene-src and galene is installed in 
~galene/...)

[2] To fix permissions after LE renewals, I have this in crontab

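@weekly /root/crons/letsencrypt && /root/fix-perms.sh && /usr/bin/systemctl restart galene

with this fix-perms.sh content:

#!/bin/bash
# Re-apply ownership and ACLs so the "galene" user can read the renewed certificates.
echo "Checking permissions..."
chown -R galene:galene ~galene
# Read + traverse for galene on the whole tree (live/ entries are symlinks into archive/).
setfacl -R -m u:galene:rx /etc/letsencrypt/
# Glob instead of parsing `ls`, and quote the path so odd file names cannot split.
for file in /etc/letsencrypt/live/galene.example.tld/*
do
     setfacl -m u:galene:r "$file"
done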

On 12/01/2023 at 16:34, Dianne Skoll wrote:
> On Thu, 12 Jan 2023 16:29:05 +0100
> Juliusz Chroboczek <jch@irif.fr> wrote:
>
>> I think we're agreeing: running Galene in a Docker container is
>> possible, but it's not as convenient as with traditional web apps.  I
>> feel it's not worth the hassle, but reasonable people may disagree.
> If Galene were complicated to set up, that might argue for using
> Docker to reduce installation headaches... but it's a single
> executable with a pretty simple set of config files, so I don't see
> Docker buying much.
>
> Running behind an HTTP proxy, though, is very useful.
>
> Regards,
>
> Dianne.

-- 
IS Project Manager, CNRS
ISI team
ISEM UMR5554


[-- Attachment #1.1.2: galene.conf --]
[-- Type: text/plain, Size: 1618 bytes --]

server {
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    server_name galene.example.tld;
    ssl_certificate /etc/letsencrypt/live/galene.example.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/galene.example.tld/privkey.pem;

    location /room/api {
        root /var/www/html;
        deny all;
        return 404;
    }
    location /room {
        root /var/www/html;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
    }
    
    location /api {
        root /var/www/html/room/;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswdapi;
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
    }
    
    location / {
    
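      # Force usage of https
      # (never true in this block: it only listens on 443 with ssl, so the
      # redirect needs a separate server block listening on port 80)
      if ($scheme = http) {
        rewrite ^ https://$server_name$request_uri? permanent;
      }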
    
      proxy_pass        https://127.0.0.1:8443;
      proxy_redirect    off;
      proxy_set_header  Host $host;
      proxy_set_header  X-Real-IP $remote_addr;
      proxy_set_header  X-Forwarded-Proto $scheme;
      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header  X-Forwarded-Host $server_name;
     

      # WebSocket support
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
}

[-- Attachment #1.1.3: galene.service --]
[-- Type: text/x-dbus-service, Size: 290 bytes --]

# /etc/systemd/system/galene.service
[Unit]
Description=Galene
After=network.target

[Service]
Type=simple
WorkingDirectory=/home/galene
User=galene
Group=galene
EnvironmentFile=/etc/default/galene
ExecStart=/home/galene/galene $ARGS
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

[-- Attachment #1.1.4: update-galene.sh --]
[-- Type: application/x-shellscript, Size: 1043 bytes --]

[-- Attachment #1.1.5: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 2327 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]
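
A narrower alternative to the recursive "rx" grant in fix-perms.sh above, as an added example that is not part of the original message or its attachments. It assumes a certbot-style layout (live/<name>/*.pem are symlinks into archive/<name>/) and the "galene" service user; the function name grant_cert_acl and the SETFACL dry-run variable are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes live/<name>/*.pem are
# symlinks into archive/<name>/ and that the service runs as user "galene".
# Set SETFACL="echo setfacl" for a dry run (variable invented for this example).

# grant_cert_acl LE_ROOT CERT_NAME USER
# Gives USER traverse-only (x) on the directories leading to one certificate
# and read (r) on that certificate's current files, instead of rx on the
# whole tree (which also exposes every other certificate's private key).
grant_cert_acl() (
    root=$1 name=$2 user=$3
    [ -d "$root/live/$name" ] || { echo "no such certificate: $name" >&2; exit 1; }

    # x without r: the user can open known paths but cannot list directories.
    for dir in "$root" "$root/live" "$root/live/$name" \
               "$root/archive" "$root/archive/$name"; do
        if [ -d "$dir" ]; then
            ${SETFACL:-setfacl} -m "u:$user:x" "$dir" || exit 1
        fi
    done

    for link in "$root/live/$name"/*.pem; do
        # Resolve the symlink: the ACL is set on the real file in archive/,
        # and a link left dangling by a failed renewal is reported.
        target=$(readlink -f -- "$link")
        [ -f "$target" ] || { echo "dangling link: $link" >&2; exit 1; }
        ${SETFACL:-setfacl} -m "u:$user:r" "$target" || exit 1
    done
)

# Typical call from the renewal cron job (constructed values):
#   grant_cert_acl /etc/letsencrypt galene.example.tld galene
```

A grant made earlier by the recursive command stays in place until it is removed, for example with "setfacl -R -x u:galene /etc/letsencrypt".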
