Galène videoconferencing server discussion list archives
 help / color / mirror / Atom feed
From: KOS <sv3ora@qrp.gr>
To: <galene@lists.galene.org>
Subject: [Galene] Re: Message from KOS
Date: Wed, 20 Dec 2023 18:20:44 +0000	[thread overview]
Message-ID: <Mr.rC099RMxkQe.IBvDTXSB7mf@qrp.gr> (raw)
In-Reply-To: <875y0t0ye4.wl-jch@irif.fr>

> [Galene] Re: Message from KOS – Thanks for the kind words.
>
> > The problem is that when the Galene server restarts, a new self-signed
> > certificate is created (probably) and all the family members have to
> > accept again the new certificate in their browsers.
> > Is there any way to make this certificate sticky in Galene, so that 
> no new
> > certificate is generated on every Galene server restart?
>
> Just generate a self-sigend certificate, and put it in the "data" directory.
>
> If you have a copy of openssl, chdir into the data directory, then do:
>
>   openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 
> -out cert.pem
>
> If you don't have openssl, the simplest is probably to use the
> "generate_cert.go" program, which is included in the Go distribution under
> "src/rypto/tls".  You may download a copy here:
>
>   https://github.com/golang/go/raw/master/src/crypto/tls/generate_cert.go
>
> -- Juliusz [...]

Thanks so much!
Just for the reference of the members of the list:

There was no data directory, so I created one in the same directory as the 
galene.exe

I had to run the next command to generate the certificates
go run generate_cert.go --host example.com,127.0.0.1,::1  --ecdsa-curve 
P256 --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
by changing the "example.com" accordingly of course.

Then I put the generated cert.pem and key.pem into the data directory.

Another hint in windows 10 that allows for running the galene.exe on startup 
without any window appearing (hidden).
1. Create a .vbs file, eg start.vbs with the next code in it:
Dim WinScriptHost
Set WinScriptHost = CreateObject("WScript.Shell")
WinScriptHost.Run Chr(34) & "start.bat" & Chr(34), 0
Set WinScriptHost = Nothing

2. Make a shortcut of thie start.vbs to the "start-up" menu of the windoes.

3. Create a start.bat file, in the same directory as the start.vbs, and 
put the next code in:
cd C:\Program Files (x86)\galene (edit accordingly)
galene -turn "<your-external-router-static-IP>:1194"

4. Set your router NAT (port forwarding) to route the 1194 and 8443 ports 
in your lan, in the PC that runs the galene.exe

5. Configure the groups. Put a home.json (or whatever group name you want) 
in the "groups" folder, after you create this folder. In my case, I wanted 
things to be as easy for the family as possible to I did not setup any username. 
The code in the home.json was this
{
     "op": [{"username": "the-admin-username-here", "password": "the-admin-password-here"}],
     "presenter": [{"password": "I-put-my-mobile-phone-here-that-all-family-members-know"}],
	"allow-anonymous": true,
     "allow-recording": true,
	"max-clients": 8,
     "public": false
}

6. Optionally you can edit the static/galene.html to translate the login 
form to your language or set as default the camera and microphone radio 
button, just to make it easier (less clicks) for the family to access it.

7. In the mobile phones of the family members, access the channel page directly 
(no home page) from chrome only (sorry firefox did not work for me, no matter 
if I click allow to use the camera). Then from the chrome options, place 
a shortcut of the channel page to the desktop of the mobile phones. Each 
time the member wants to get in the conference, he just clicks the icon 
on his desktop.
With the self-signed solution at the beginning of the message, the members 
only need to accept the security risk once and it is no more annoying to 
them anymore.

8. If you have a wifi at home, you need to make 2 desktop shortcuts in your 
mobile phone. One of them, will have a URL that has your domain name (if 
you have one), or static external IP in it. This shortcut will be clicked 
if the member wants to access galene from 4G/5G (i.e outside of your home 
network).
The second shortcut will have the internal static LAN IP address of the 
server the galene runs in, instead of the domain name or external IP. You 
will use this if you connect to the galene from your home WIFI (i.e. locally)

I hope these steps are a complete guide of how to run galene from windows 
10 at home, behind a router, if you have a static IP.

Feel free to shate this information with the community or in your website. 
I do not have the time to do so.

Regards to all the members of the list.
KOS


  reply	other threads:[~2023-12-20 18:20 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-20 12:19 [Galene] " KOS
2023-12-20 13:57 ` [Galene] " Juliusz Chroboczek
2023-12-20 18:20   ` KOS [this message]
2023-12-20 22:22     ` Juliusz Chroboczek
2023-12-20 22:28       ` KOS
2024-01-23 10:24         ` KOS
2024-01-23 14:11           ` Juliusz Chroboczek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.galene.org/postorius/lists/galene.lists.galene.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Mr.rC099RMxkQe.IBvDTXSB7mf@qrp.gr \
    --to=sv3ora@qrp.gr \
    --cc=galene@lists.galene.org \
    --subject='[Galene] Re: Message from KOS' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox