Galène videoconferencing server discussion list archives
* [Galene] Message from KOS
@ 2023-12-20 12:19 KOS
  2023-12-20 13:57 ` [Galene] " Juliusz Chroboczek
  0 siblings, 1 reply; 7+ messages in thread
From: KOS @ 2023-12-20 12:19 UTC (permalink / raw)
  To: galene

Hello,
I have compiled Galene for Windows 10 and it works perfectly. Thanks so
much for this amazing and lightweight program!

I am using it for family usage, under a static IP address on ADSL.
Because of family usage, I do not need a certificate, the self-signed certificate 
is enough for me.
I accept this certificate on the family browsers and everything runs well.

The problem is that when the Galene server restarts, a new self-signed certificate 
is created (probably) and all the family members have to accept again the 
new certificate in their browsers.
Is there any way to make this certificate sticky in Galene, so that no new 
certificate is generated on every Galene server restart?

Thank you
KOS



* [Galene] Re: Message from KOS
  2023-12-20 12:19 [Galene] Message from KOS KOS
@ 2023-12-20 13:57 ` Juliusz Chroboczek
  2023-12-20 18:20   ` KOS
  0 siblings, 1 reply; 7+ messages in thread
From: Juliusz Chroboczek @ 2023-12-20 13:57 UTC (permalink / raw)
  To: KOS; +Cc: galene

> I have compiled Galene for Windows 10 and it works perfectly. Thanks so
> much for this amazing and lightweight program!

Thanks for the kind words.

> The problem is that when the Galene server restarts, a new self-signed
> certificate is created (probably) and all the family members have to
> accept again the new certificate in their browsers.
> Is there any way to make this certificate sticky in Galene, so that no new
> certificate is generated on every Galene server restart?

Just generate a self-signed certificate, and put it in the "data" directory.

If you have a copy of openssl, chdir into the data directory, then do:

  openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem

If you don't have openssl, the simplest is probably to use the
"generate_cert.go" program, which is included in the Go distribution under
"src/crypto/tls".  You may download a copy here:

  https://github.com/golang/go/raw/master/src/crypto/tls/generate_cert.go

-- Juliusz


* [Galene] Re: Message from KOS
  2023-12-20 13:57 ` [Galene] " Juliusz Chroboczek
@ 2023-12-20 18:20   ` KOS
  2023-12-20 22:22     ` Juliusz Chroboczek
  0 siblings, 1 reply; 7+ messages in thread
From: KOS @ 2023-12-20 18:20 UTC (permalink / raw)
  To: galene

> Thanks for the kind words.
>
> > The problem is that when the Galene server restarts, a new self-signed
> > certificate is created (probably) and all the family members have to
> > accept again the new certificate in their browsers.
> > Is there any way to make this certificate sticky in Galene, so that no new
> > certificate is generated on every Galene server restart?
>
> Just generate a self-signed certificate, and put it in the "data" directory.
>
> If you have a copy of openssl, chdir into the data directory, then do:
>
>   openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
>
> If you don't have openssl, the simplest is probably to use the
> "generate_cert.go" program, which is included in the Go distribution under
> "src/crypto/tls".  You may download a copy here:
>
>   https://github.com/golang/go/raw/master/src/crypto/tls/generate_cert.go
>
> -- Juliusz [...]

Thanks so much!
Just for the reference of the members of the list:

There was no data directory, so I created one in the same directory as the 
galene.exe

I had to run the next command to generate the certificates:

  go run generate_cert.go --host example.com,127.0.0.1,::1 --ecdsa-curve P256 --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h

by changing the "example.com" accordingly of course.

Then I put the generated cert.pem and key.pem into the data directory.

Another hint in Windows 10 that allows for running the galene.exe on startup
without any window appearing (hidden).
1. Create a .vbs file, e.g. start.vbs, with the next code in it:

  Dim WinScriptHost
  Set WinScriptHost = CreateObject("WScript.Shell")
  ' Run start.bat with window style 0 (hidden)
  WinScriptHost.Run Chr(34) & "start.bat" & Chr(34), 0
  Set WinScriptHost = Nothing

2. Make a shortcut of this start.vbs to the "start-up" menu of Windows.

3. Create a start.bat file, in the same directory as the start.vbs, and
put the next code in:

  rem Edit the path accordingly
  cd /d "C:\Program Files (x86)\galene"
  galene -turn "<your-external-router-static-IP>:1194"

4. Set your router NAT (port forwarding) to route the 1194 and 8443 ports 
in your lan, in the PC that runs the galene.exe

5. Configure the groups. Put a home.json (or whatever group name you want)
in the "groups" folder, after you create this folder. In my case, I wanted
things to be as easy for the family as possible so I did not set up any username.
The code in the home.json was this:

  {
      "op": [{"username": "the-admin-username-here", "password": "the-admin-password-here"}],
      "presenter": [{"password": "I-put-my-mobile-phone-here-that-all-family-members-know"}],
      "allow-anonymous": true,
      "allow-recording": true,
      "max-clients": 8,
      "public": false
  }

6. Optionally you can edit the static/galene.html to translate the login 
form to your language or set as default the camera and microphone radio 
button, just to make it easier (less clicks) for the family to access it.

7. In the mobile phones of the family members, access the channel page directly
(no home page) from Chrome only (sorry, Firefox did not work for me, no matter
if I click allow to use the camera). Then from the Chrome options, place
a shortcut of the channel page to the desktop of the mobile phones. Each
time the member wants to get in the conference, he just clicks the icon
on his desktop.
With the self-signed solution at the beginning of the message, the members
only need to accept the security risk once and it is not annoying to
them anymore.

8. If you have Wi-Fi at home, you need to make 2 desktop shortcuts in your
mobile phone. One of them will have a URL that has your domain name (if
you have one), or static external IP in it. This shortcut will be clicked
if the member wants to access galene from 4G/5G (i.e. outside of your home
network).
The second shortcut will have the internal static LAN IP address of the
server the galene runs in, instead of the domain name or external IP. You
will use this if you connect to the galene from your home Wi-Fi (i.e. locally).

I hope these steps are a complete guide of how to run galene from windows 
10 at home, behind a router, if you have a static IP.

Feel free to share this information with the community or in your website.
I do not have the time to do so.

Regards to all the members of the list.
KOS
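
An added example, not part of KOS's post or of Galene: a small Go check to run before the family accepts the pinned certificate. It confirms that key.pem matches cert.pem, returns the SHA-256 fingerprint to compare with what the browser shows when the exception is accepted, and lists any host used in the shortcuts that the certificate's SANs do not cover. The function names, the in-memory sample pair and the LAN address 192.168.1.10 are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// checkPair verifies the key matches the certificate, then returns the
// SHA-256 fingerprint and the hosts the certificate's SANs do not cover.
func checkPair(certPEM, keyPEM []byte, hosts []string) (string, []string, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // errors on a mismatched pair
	if err != nil {
		return "", nil, err
	}
	cert, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return "", nil, err
	}
	var missing []string
	for _, h := range hosts {
		if cert.VerifyHostname(h) != nil {
			missing = append(missing, h)
		}
	}
	return fmt.Sprintf("%x", sha256.Sum256(cert.Raw)), missing, nil
}

// samplePair builds a constructed, throwaway pair in memory for the demo.
func samplePair(dns, ip string) (certPEM, keyPEM []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), DNSNames: []string{dns}, IPAddresses: []net.IP{net.ParseIP(ip)}}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	kd, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kd})
}

func main() {
	c, k := samplePair("example.com", "127.0.0.1") // hosts as in the post
	fmt.Println(checkPair(c, k, []string{"example.com", "127.0.0.1", "192.168.1.10"}))
}
```

To check the real files, read data/cert.pem and data/key.pem with os.ReadFile and pass them to checkPair together with every host name or address used in the shortcuts.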



* [Galene] Re: Message from KOS
  2023-12-20 18:20   ` KOS
@ 2023-12-20 22:22     ` Juliusz Chroboczek
  2023-12-20 22:28       ` KOS
  0 siblings, 1 reply; 7+ messages in thread
From: Juliusz Chroboczek @ 2023-12-20 22:22 UTC (permalink / raw)
  To: KOS; +Cc: galene

> 1. Create a .vbs file, eg start.vbs with the next code in it:
> Dim WinScriptHost
> Set WinScriptHost = CreateObject("WScript.Shell")
> WinScriptHost.Run Chr(34) & "start.bat" & Chr(34), 0
> Set WinScriptHost = Nothing

Or simply recompile with "-ldflags -H=windowsgui".  But then, you won't be
able to see the logs.

> 4. Set your router NAT (port forwarding) to route the 1194 and 8443 ports
> in your lan, in the PC that runs the galene.exe

1194 needs both TCP and UDP for best performance.

> 8. If you have a wifi at home, you need to make 2 desktop shortcuts in
> your mobile phone. [...]
> The second shortcut will have the internal static LAN IP address of the
> server the galene runs in, instead of the domain name or external IP.

That's only needed if your NAT doesn't do hairpinning, and that's going to
cause all sorts of other trouble.  Please try to configure your NAT so
hairpinning works.

  https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning

-- Juliusz


* [Galene] Re: Message from KOS
  2023-12-20 22:22     ` Juliusz Chroboczek
@ 2023-12-20 22:28       ` KOS
  2024-01-23 10:24         ` KOS
  0 siblings, 1 reply; 7+ messages in thread
From: KOS @ 2023-12-20 22:28 UTC (permalink / raw)
  To: galene

> Or simply recompile with "-ldflags -H=windowsgui".  But then, you won't be
> able to see the logs.
>
> > 4. Set your router NAT (port forwarding) to route the 1194 and 8443 ports
> > in your lan, in the PC that runs the galene.exe
>
> 1194 needs both TCP and UDP for best performance.
>
> > 8. If you have a wifi at home, you need to make 2 desktop shortcuts in
> > your mobile phone. [...]
> > The second shortcut will have the internal static LAN IP address of the
> > server the galene runs in, instead of the domain name or external IP.
>
> That's only needed if your NAT doesn't do hairpinning, and that's going to
> cause all sorts of other trouble.  Please try to configure your NAT so
> hairpinning works.
>
>   https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning
>
> -- Juliusz [...]

I am not sure if my router supports that. It is the ZXHN H108N V2.5. I haven't 
found any option named hairpinning. Perhaps this is not an option but a 
set of settings to enable this feature?




* [Galene] Re: Message from KOS
  2023-12-20 22:28       ` KOS
@ 2024-01-23 10:24         ` KOS
  2024-01-23 14:11           ` Juliusz Chroboczek
  0 siblings, 1 reply; 7+ messages in thread
From: KOS @ 2024-01-23 10:24 UTC (permalink / raw)
  To: galene

Hello, I have created in Galene a channel accessed publicly without username, 
but with a password.

I wonder if there is the ability (or how it can be done), every time a user 
joins this channel, galene to be able to send an email notification to a 
list of predefined emails?

"A new user has joined the channel"



* [Galene] Re: Message from KOS
  2024-01-23 10:24         ` KOS
@ 2024-01-23 14:11           ` Juliusz Chroboczek
  0 siblings, 0 replies; 7+ messages in thread
From: Juliusz Chroboczek @ 2024-01-23 14:11 UTC (permalink / raw)
  To: KOS; +Cc: galene

> Hello, I have created in Galene a channel accessed publicly without
> username, but with a password.
> 
> I wonder if there is the ability (or how it can be done), every time
> a user joins this channel, galene to be able to send an email notification
> to a list of predefined emails?

https://en.wikipedia.org/wiki/Jamie_Zawinski#Zawinski's_Law

It should be quite easy to write a bot that monitors the channel and sends
an email whenever somebody joins.

You could start with the code here:

  https://github.com/jech/galene-file-transfer/blob/master/galene-file-transfer.go

and remove all of the code in the main loop, and send an email when you
receive a message of type "user" with kind "add":

  https://github.com/jech/galene-file-transfer/blob/master/galene-file-transfer.go#L291

Please let me know if you need help.

-- Juliusz
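
An added example, not taken from galene-file-transfer or from this thread: the message-handling core of such a bot in Go, which turns a "user" message of kind "add" into a mail and treats the joiner's name as untrusted, since on a channel that allows anonymous access anyone with the password chooses it. The "id" and "username" field names, the addresses and the sample message are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"mime"
	"strings"
)

// message holds the protocol fields used here. "type" and "kind" come from
// the thread; the "id" and "username" field names are assumptions.
type message struct {
	Type, Kind, ID, Username string // JSON keys match case-insensitively
}

// safeName makes a joiner-chosen name safe for a mail header: control
// characters (CR and LF included) are dropped and the length is capped.
func safeName(s string) string {
	r := []rune(strings.Map(func(c rune) rune {
		if c < 0x20 || c == 0x7f {
			return -1
		}
		return c
	}, s))
	if len(r) > 40 {
		r = r[:40]
	}
	if len(r) == 0 {
		return "(anonymous)"
	}
	return mime.QEncoding.Encode("utf-8", string(r)) // RFC 2047 for non-ASCII
}

// joinMail returns the mail for one raw message, or nil when the message is
// not a "user"/"add" event or announces the bot itself (selfID).
func joinMail(raw []byte, selfID, from string, to []string) []byte {
	var m message
	if json.Unmarshal(raw, &m) != nil || m.Type != "user" || m.Kind != "add" || m.ID == selfID {
		return nil
	}
	return []byte(fmt.Sprintf("From: %s\r\nTo: %s\r\nSubject: Galene: %s joined\r\n\r\n"+
		"A new user has joined the channel.\r\n", from, strings.Join(to, ", "), safeName(m.Username)))
}

func main() {
	// Constructed message; a real bot reads these from the websocket and mails the result.
	raw := []byte(`{"type":"user","kind":"add","id":"c1","username":"bob\r\nX-Injected: 1"}`)
	fmt.Printf("%s", joinMail(raw, "bot", "galene@example.org", []string{"family@example.org"}))
}
```

The returned bytes are in the form net/smtp's SendMail expects as its message argument; the websocket connection and the join handshake are left to the code Juliusz links.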
