You are not logged in.

Pages: 1

#1 2025-12-11 16:55:03

eomanis
Member
Registered: 2013-04-17
Posts: 66

Self-hosted video chat for mere mortals, is it possible?

So I want to set up a self-hosted video chat to not be dependent on Discord.

I am already hosting multiple bare-metal services without problems.
For starters a Caddy instance, behind which are a bunch of application servers such as Paperless-NGX, Etebase, Jellyfin, Navidrome. Then also some self-contained things like a ProFTPD instance and Syncthing.

As a half-assed security measure I keep everything out of the line-of-fire by not hosting them on the default ports and (where applicable) hosting them on hard-to-guess subdomains, so they cannot easily be detected by port scanners.

Unfortunately it appears that I have found my match with this video chat thing.

The FOSS solutions of good repute that I know of, e. g. Jitsi, seem like complexity behemoths with multiple cooperating services and heavy requirements regarding internet connectivity:

  • No NAT supported (?)

  • Must use default ports to work

  • Require an ungodly amount of ports forwarded exclusively to them

  • Require an external TURN server (which is a complex beast and needs to be secured against unauthorized use)

  • Cannot handle public IP address changes by themselves

  • (...)

It is enough to make your head spin. Like, what the hell.

What I have is the run-of-the-mill consumer internet connection of the self-hosting aficionado:

  • VDSL broadband (40 MBit/s up and 100 MBit/s down, maybe upgrade to 300-up 600-down fiber soon)

  • 1 full IPv4 address with NAT in my router (no CGNAT or other funny business)

  • Full IPv6 connectivity

  • Forced reconnect after 24 hours that changes all public IP addresses

  • A capable server with a private IPv4 and a public IPv6 address

  • The ability to forward ports to the server's internal IPv4 address

  • The ability to open the router's firewall's ports towards the server's public IPv6 address

  • A dynamic DNS record with the router's public IPv4 address and the server's public IPv6 address that updates itself after a reconnect

  • A Let's Encrypt certificate for the domain name and any of its subdomains with automatic renewal

  • A Caddy reverse proxy on the server, as mentioned

What do I want? Nothing that I perceive to be over the top:

  • Video chat for 3..4, maybe sometimes 6..7 people

  • TLS between clients and the server

  • A browser-based client so no apps can get bit rot

  • Local, manual user and group management

  • Hosting on both IPv4 and IPv6

  • Hosting on a subdomain

  • Hosting on a non-standard port

  • Hosting on a sane number of forwarded ports

  • No containers, must be bare-metal; I need to understand and control what is happening

  • No 3rd party services (you know, "self hosting")

What I do not need:

  • Federation

  • User registration from outside

  • End-to-end encryption

  • Client-to-client (P2P) video connections (everything can bounce off the server for all I care)

Reasonable stuff. Imagine Mumble but with video and a web client.

I have found Galène [1] [2], supposedly a no-frills battle-hardenend FOSS video chat server that has its roots in French academia during Covid.
It fits the scope well and does not even require a reverse proxy; you run a self-contained executable that has access to some Let's Encrypt certificate and you open some ports for it, and that should be that.

I got Galène to run its web frontend on a custom subdomain on a custom port with the Let's Encrypt certificate and everything, and I can log in with my users no problem. It is lightning fast.

What does *not* work though is video chat with anybody from outside my LAN. For example, from my smartphone over mobile internet.

When I try that, the Galène server spits out a bunch of log text about how its built-in TURN server tries and fails to broker a video connection between the local and the remote client using something called Interactive Connectivity Establishment (ICE).
So okay, this did not work. But that is what the built-in TURN server is for, no? To relay the video? That is why the server has open ports after all.
But the relay never gets going. Maybe because this built-in TURN server only supports IPv4 for whatever reason.

I have forwarded the UDP and TCP ports 14400..14499 for Galène, and I am starting Galène like this:

/usr/bin/galene -static /usr/share/galene/static -http :14400 -turn vchat.my.domain.net:14401 -udp-range 14402-14499

In Galène's data/config.json is also:

"proxyURL": "https://vchat.my.domain.net:14400/"

Has anybody gotten to make Galène work properly in an environment like mine, or for that matter another FOSS video chat server?
If so, how did you do it?

[1] https://galene.org/
[2] https://aur.archlinux.org/packages/galene

Offline

#2 2025-12-11 17:11:18

system72
Member
Registered: 2025-11-22
Posts: 338
Website

Re: Self-hosted video chat for mere mortals, is it possible?

matrix supports video chats

7712 0a9f 0e6b F099 091d  438b 8b38 5527 5dfd D001

Offline

#3 2025-12-11 17:26:15

eomanis
Member
Registered: 2013-04-17
Posts: 66

Re: Self-hosted video chat for mere mortals, is it possible?

system72 wrote:

matrix supports video chats

So I have heard, but hosting a Matrix server looks like another such complexity behemoth, possibly even worse than Jitsi.

The field reports that I have found do not instill confidence. [1]

[1] https://yaky.dev/2025-11-30-self-hosting-matrix/

Offline

#4 2025-12-11 17:29:43

system72
Member
Registered: 2025-11-22
Posts: 338
Website

Re: Self-hosted video chat for mere mortals, is it possible?

its actually really easy when i did it

7712 0a9f 0e6b F099 091d  438b 8b38 5527 5dfd D001

Offline

#5 2025-12-11 19:09:35

jonno2002
Member
Registered: 2016-11-21
Posts: 835

Re: Self-hosted video chat for mere mortals, is it possible?

all these video chat services are going to require the WAN ip address thats just how it works, i hate using docker and always try to run and configure my services by myself but in the case of jitsi as you say its a config nightmare so i use docker-compose in this case.

i will try to explain how i get this done but im not sharing my scripts as they are very old from when i knew very little and they are ugly as hell lol.

-i have a DUC (dynamic update client) running that updates my domain DNS at regular intervals and im guessing you must too as you have a dynamic wan ip like i do (although mine can stay the same for months)
-i have a script that checks this ip from the DUC log and saves it to a file if and when it changes and triggers a restart of the jitsi-docker-compose service
-my custom jitsi-docker-compose service runs a script that updates the jtisi .env file with the current ip and also checks for internet connectivity before starting jitsi
-jitsi has port 10000 forwarded, thats it, everything else runs through nginx reverse proxy

from what i gather video chat isnt simple hence the 'behemoth' solutions...

Offline

Pages: 1

Board footer

Powered by FluxBB