Galène videoconferencing server discussion list archives
From: KOS <sv3ora@qrp.gr>
To: <galene@lists.galene.org>
Subject: [Galene] Re: Message from KOS
Date: Wed, 20 Dec 2023 18:20:44 +0000
Message-ID: <Mr.rC099RMxkQe.IBvDTXSB7mf@qrp.gr>
In-Reply-To: <875y0t0ye4.wl-jch@irif.fr>

> [Galene] Re: Message from KOS – Thanks for the kind words.
>
> > The problem is that when the Galene server restarts, a new self-signed
> > certificate is created (probably) and all the family members have to
> > accept again the new certificate in their browsers.
> > Is there any way to make this certificate sticky in Galene, so that no new
> > certificate is generated on every Galene server restart?
>
> Just generate a self-signed certificate, and put it in the "data" directory.
>
> If you have a copy of openssl, chdir into the data directory, then do:
>
>   openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
>
> If you don't have openssl, the simplest is probably to use the
> "generate_cert.go" program, which is included in the Go distribution under
> "src/crypto/tls".  You may download a copy here:
>
>   https://github.com/golang/go/raw/master/src/crypto/tls/generate_cert.go
>
> -- Juliusz [...]

Thanks so much!
Just for the reference of the members of the list:

There was no data directory, so I created one in the same directory as the 
galene.exe

I had to run the next command to generate the certificates

  go run generate_cert.go --host example.com,127.0.0.1,::1 --ecdsa-curve P256 --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h

by changing the "example.com" accordingly of course.

Then I put the generated cert.pem and key.pem into the data directory.

Another hint in Windows 10 that allows for running the galene.exe on startup 
without any window appearing (hidden).
1. Create a .vbs file, e.g. start.vbs, with the next code in it:

  Dim WinScriptHost
  Set WinScriptHost = CreateObject("WScript.Shell")
  WinScriptHost.Run Chr(34) & "start.bat" & Chr(34), 0
  Set WinScriptHost = Nothing

2. Make a shortcut of this start.vbs to the "start-up" menu of Windows.

3. Create a start.bat file, in the same directory as the start.vbs, and 
put the next code in:

  rem edit the path accordingly
  cd /d "C:\Program Files (x86)\galene"
  galene -turn "<your-external-router-static-IP>:1194"

4. Set your router NAT (port forwarding) to route the 1194 and 8443 ports 
in your lan, in the PC that runs the galene.exe

5. Configure the groups. Put a home.json (or whatever group name you want) 
in the "groups" folder, after you create this folder. In my case, I wanted 
things to be as easy for the family as possible, so I did not set up any username. 
The code in the home.json was this:
{
    "op": [{"username": "the-admin-username-here", "password": "the-admin-password-here"}],
    "presenter": [{"password": "I-put-my-mobile-phone-here-that-all-family-members-know"}],
    "allow-anonymous": true,
    "allow-recording": true,
    "max-clients": 8,
    "public": false
}

6. Optionally you can edit the static/galene.html to translate the login 
form to your language or set as default the camera and microphone radio 
button, just to make it easier (less clicks) for the family to access it.

7. In the mobile phones of the family members, access the channel page directly 
(no home page) from chrome only (sorry firefox did not work for me, no matter 
if I click allow to use the camera). Then from the chrome options, place 
a shortcut of the channel page to the desktop of the mobile phones. Each 
time the member wants to get in the conference, he just clicks the icon 
on his desktop.
With the self-signed solution at the beginning of the message, the members 
only need to accept the security risk once and it is no longer annoying to 
them.

8. If you have a wifi at home, you need to make 2 desktop shortcuts in your 
mobile phone. One of them, will have a URL that has your domain name (if 
you have one), or static external IP in it. This shortcut will be clicked 
if the member wants to access galene from 4G/5G (i.e. outside of your home 
network).
The second shortcut will have the internal static LAN IP address of the 
server the galene runs in, instead of the domain name or external IP. You 
will use this if you connect to the galene from your home WIFI (i.e. locally)

I hope these steps are a complete guide of how to run galene from windows 
10 at home, behind a router, if you have a static IP.

Feel free to share this information with the community or in your website. 
I do not have the time to do so.

Regards to all the members of the list.
KOS
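
Added example (not part of the original message and not Galène code): since each family member accepts the self-signed certificate once, the operator can check the pair placed in the data directory and read its SHA-256 fingerprint out to them, so they can compare it with what the browser shows before accepting. The names Fingerprint and sampleCert, the host galene.example.org and the address 192.0.2.10 are assumptions; the certificate is a constructed sample generated in memory, where a real run would read data/cert.pem and data/key.pem.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Fingerprint validates the cert/key pair for host and returns the certificate's SHA-256 in hex.
func Fingerprint(certPEM, keyPEM []byte, host string) (string, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // fails if key.pem is not this cert's key
	if err != nil {
		return "", err
	}
	cert, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert) // trust exactly this certificate, as the browser exception does
	if _, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots}); err != nil {
		return "", err // outside its validity period, or host is not among the DNS/IP SANs
	}
	return fmt.Sprintf("%x", sha256.Sum256(cert.Raw)), nil
}

// sampleCert builds a throwaway P-256 self-signed pair in memory (constructed sample input).
func sampleCert(dns, ip string, days int) (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Unix(0, 0),
		NotAfter: time.Now().AddDate(0, 0, days), DNSNames: []string{dns},
		IPAddresses: []net.IP{net.ParseIP(ip)}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	kb, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kb})
}

func main() {
	c, k := sampleCert("galene.example.org", "192.0.2.10", 30)
	fmt.Println(Fingerprint(c, k, "galene.example.org"))
}
```

The host check matters for step 8 above: the certificate has to list both the external name or IP and the internal LAN IP, otherwise one of the two shortcuts triggers a name-mismatch warning on top of the self-signed one.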

