[winswitch] Xpra running Wireshark in Docker container

[Antoine Martin]

On 10/10/17 15:33, Feldhaus, Florian via shifter-users wrote:
> I discovered Xpra several years ago, but never really used it until I was searching for a solution to make Wireshark available via a Webinterface. Using Docker and the Xpra HTML Client, I was able to create a Docker container with Xpra and Wireshark (see https://github.com/ffeldhaus/docker-wireshark). Based on the Docker image, I created a solution to proxy and analyze arbitrary TCP traffic with HAProxy and Wireshark - HAProxy acts as endpoint for e.g. NFS, SMB, HTTP or other services and forwards the traffic to the real service and Wireshark, accessed via Webbrowser, can analyze the traffic (see https://github.com/ffeldhaus/docker-network-traffic-analyzer for details).
> 
> I’m impressed by the features and abilities of Xpra and would like to thank everyone who helped to develop it.
> 
> During testing of the solution I discovered a few things were I would like to ask for your input:
> - Installing Xpra requires a huge number of dependencies. It would be great to get some input how to reduce the number of dependencies to create a minimal docker image (currently it’s larger than 1GB.
1GB is huge! The most important dependencies are listed here:
http://xpra.org/trac/wiki/Dependencies
And the build and packaging dependencies are also documented here:
http://xpra.org/trac/wiki/Building

This will largely depend on the distro you are on. Some Debian it seems?
Our Debian packaging uses strict dependencies as well as both
"Recommends" and "Suggests" weak dependencies.
Not installing the weak dependencies will give you a stripped down
installation, without support for printer or audio forwarding, mdns, etc
For your use-case, you may also want to remove "ffmpeg-xpra" as per:
http://xpra.org/trac/changeset/17145

> - Running current stable Xpra version results in several error messages (see below). I’d appreciate input why these occur (check https://github.com/ffeldhaus/docker-wireshark/blob/master/xpra.conf for the config options). I’d be especially interested in
>   - Why does renaming '/run/user/1000/xpra/Xorg.S1.log' to '/run/user/1000/xpra/Xorg.:0.log' fail?
That's a bug in the Xorg server, a fix has been submitted upstream:
http://xpra.org/trac/ticket/1192

>   - Why does Xpra try to create socket directory in '/run/xpra' even though socket dir was specified as /run/user/1000/xpra and xpra was run as non root user?
See "socket-dirs" as well as "socket-dir".
(yes, it is a bit confusing having both, we kinda messed up that one -
too late to go back, sorry)

>   - Why does Xpra show an ERROR related to X11 property 'PULSE_SERVER' even though pulseaudio=no is specified in config file?
The "_sound_query" subcommand is probing gstreamer to see what elements
should be used for audio forwarding, and part of this query will try to
figure out if pulseaudio is available. (which is separate from the
pulseaudio=no command line option which controls if we start it or not)

For whatever reason, your "/usr/bin/xpra" ends up trying to use GTK3
(maybe loading GTK2 failed?), this doesn't work well before xpra 2.2

> - When I access Wireshark via Webinterface using Firefox 57 I have issues with special characters (y and z are working correct, but ! = # as well as öäü and others are not working). I’ve seen some fixed issues around this, but this seems to be a new one. With Chrome it works better, but not perfect (! = # work but öäü do not work). Should I report this as an issue?
Yes please. Make sure you include all the required details:
https://www.xpra.org/trac/wiki/Keyboard#ReportingBugs

Keyboard mapping issues are always "interesting".

> - Is it possible to force SSL connections when accessing the HTML client? I successfully configured SSL, but ideally all HTTP connections should be upgraded to HTTPS (maybe using HSTS).
In xpra 2.2, you can specify different socket types for different ports.
For example:
xpra --bind-wss=0.0.0.0:14500
This will only allow secure websockets / https.

For more information, see:
https://xpra.org/trac/ticket/1504#comment:2


Cheers
Antoine


> wireshark    | _XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.
> wireshark    | Failed to rename log file "/run/user/1000/xpra/Xorg.S1.log" to "/run/user/1000/xpra/Xorg.S1.log": No such file or directory
> wireshark    | 
> wireshark    | X.Org X Server 1.19.2
> wireshark    | Release Date: 2017-03-02
> wireshark    | X Protocol Version 11, Revision 0
> wireshark    | Build Operating System: Linux 4.9.0-3-amd64 x86_64 Debian
> wireshark    | Current Operating System: Linux ec148b063ca0 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64
> wireshark    | Kernel command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.26.2.el7.x86_64 root=/dev/mapper/centos_florianf--centos-root ro crashkernel=auto rd.lvm.lv=centos_florianf-centos/root rd.lvm.lv=centos_florianf-centos/swap rhgb quiet LANG=en_US.UTF-8
> wireshark    | Build Date: 07 July 2017  06:14:06AM
> wireshark    | xorg-server 2:1.19.2-1+deb9u1 (https://www.debian.org/support) 
> wireshark    | Current version of pixman: 0.34.0
> wireshark    |  Before reporting problems, check http://wiki.x.org
> wireshark    |  to make sure that you have the latest version.
> wireshark    | Markers: (--) probed, (**) from config file, (==) default setting,
> wireshark    |  (++) from command line, (!!) notice, (II) informational,
> wireshark    |  (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
> wireshark    | (++) Log file: "/run/user/1000/xpra/Xorg.S1.log", Time: Mon Oct  9 17:52:39 2017
> wireshark    | (++) Using config file: "/etc/xpra/xorg.conf"
> wireshark    | (==) Using system config directory "/usr/share/X11/xorg.conf.d"
> wireshark    | failed to rename Xorg log file from '/run/user/1000/xpra/Xorg.S1.log' to '/run/user/1000/xpra/Xorg.:0.log'
> wireshark    |  [Errno 2] No such file or directory
> wireshark    | 2017-10-09 17:52:45,508 Warning: skipping duplicate bind path /run/user/1000/xpra/ec148b063ca0-0
> wireshark    | 2017-10-09 17:52:45,509 Warning: failed to create socket directory '/run/xpra'
> wireshark    | 2017-10-09 17:52:45,509  [Errno 13] Permission denied: '/run/xpra'
> wireshark    | 2017-10-09 17:52:45,512 created unix domain socket: /run/user/1000/xpra/ec148b063ca0-0
> wireshark    | 2017-10-09 17:52:45,513 created unix domain socket: /home/wireshark/.xpra/ec148b063ca0-0
> wireshark    | 2017-10-09 17:52:45,513 Warning: cannot create socket '/run/xpra/ec148b063ca0-0'
> wireshark    | 2017-10-09 17:52:45,513  [Errno 2] No such file or directory
> wireshark    | 2017-10-09 17:52:45,513  /run/xpra does not exist
> wireshark    | 2017-10-09 17:52:45,514  user 'wireshark' is a member of groups: xpra
> wireshark    | 2017-10-09 17:52:45,514   failed to query path information for '/run/xpra': [Errno 2] No such file or directory: '/run/xpra'
> wireshark    | 2017-10-09 17:52:50,970 serving html content from: /usr/share/xpra/www
> wireshark    | Error: cannot get X11 property 'PULSE_SERVER'
> wireshark    | Traceback (most recent call last):
> wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/sound/pulseaudio/pulseaudio_common_util.py", line 24, in get_x11_property
> wireshark    |     from xpra.x11.bindings.window_bindings import X11WindowBindings
> wireshark    |   File "xpra/x11/bindings/window_bindings.pyx", line 12, in init xpra.x11.bindings.window_bindings (xpra/x11/bindings/window_bindings.c:15092)
> wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/error.py", line 42, in <module>
> wireshark    |     gdk = import_gdk()
> wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 118, in import_gdk
> wireshark    |     return  _try_import(import_gdk3, import_gdk2)
> wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 38, in _try_import
> wireshark    |     return  import_method_gtk3()
> wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 113, in import_gdk3
> wireshark    |     gi.require_version('Gdk', '3.0')
> wireshark    |   File "/usr/lib/python2.7/dist-packages/gi/__init__.py", line 118, in require_version
> wireshark    |     raise ValueError('Namespace %s not available' % namespace)
> wireshark    | ValueError: Namespace Gdk not available
> wireshark    |  for python sys.version_info(major=2, minor=7, micro=13, releaselevel='final', serial=0)
> wireshark    |  xpra command=['/usr/bin/xpra', '_sound_query']
> wireshark    | 2017-10-09 17:52:51,997 GStreamer version 1.10.4 for Python 2.7.13 64-bit
> wireshark    | 2017-10-09 17:52:52,114 2.8GB of system memory
> wireshark    | 2017-10-09 17:52:52,160 started command 'wireshark' with pid 53
> wireshark    | 2017-10-09 17:52:52,161 xpra X11 version 2.1.2-r16903 64-bit
> wireshark    | 2017-10-09 17:52:52,161  uid=1000 (wireshark), gid=1000 (wireshark)
> wireshark    | 2017-10-09 17:52:52,161  running with pid 1 on Linux Debian 9.1 stretch
> wireshark    | 2017-10-09 17:52:52,162  connected to X11 display :0 with 24 bit colors
> wireshark    | 2017-10-09 17:52:52,434 xpra is ready.
>  
> Thanks a lot
> Florian Feldhaus
>  
> Principal Consultant, Professional Services
> NetApp Deutschland GmbH, Gladbecker Str. 5, D-40472 Düsseldorf
> +49 151 12055 711 Mobil
> florian.feldhaus at netapp.com
>  
> NetApp Deutschland GmbH, Sonnenallee 1, 85551 Kirchheim bei München Handelsregister: AG München HRB113907, VAT#: DE 182 196 996Geschäftsführer: Jörg Heßke, Claudia Berchtold, Stephen Faulkner
> 
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>