[winswitch] Is there a guide for configuring xpra to work as an Nginx proxy and SSL as well?

Antoine Martin antoine at nagafix.co.uk
Tue Feb 13 04:03:08 GMT 2018


On 13/02/18 01:20, vfclists . via shifter-users wrote:
> I configure wetty, https://github.com/krishnasrinivas/wetty, to run
> behind an nginx frontend, and the nginx settings for running wetty as an
> upstream proxy look like this. I also tried guacamole and the settings
> were similar.
Then it's probably right.

>    location /wetty {
> 
>        if ($scheme = 'http') {
>            rewrite ^ https://$http_host$request_uri? permanent;
>        }
>        proxy_pass http://127.0.0.1:3111/wetty;
>        proxy_http_version 1.1;
>        proxy_set_header Upgrade $http_upgrade;
>        proxy_set_header Connection "upgrade";
>        proxy_read_timeout 43200000;
> 
>        proxy_set_header X-Real-IP $remote_addr;
>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>        proxy_set_header Host $http_host;
>        proxy_set_header X-NginX-Proxy true;
>    }
> 
> I am not quite sure what a lot of the settings do, but it has worked well
> so far.
> 
> My assumption is that if xpra uses '--bind-tcp=0.0.0.0:44440', the
> nginx proxy would have the 'proxy_pass http://127.0.0.1:44440'. I don't see
> the need to add an SSL option to the xpra command as nginx will be handling
> the SSL, but a password may be needed for the user, which has an option for
> it in the HTML interface.
The username and password are only needed if you configure xpra with
authentication. If this is running in a secure environment, this may or
may not be needed. Just be careful that one backend session can't
connect to another for example.

> Does anyone have a sample nginx config for xpra?
I have never used an nginx proxy, but maybe someone else can chime in.
Or maybe you can ask the nginx devs to confirm?

> Am I generally on the right path?
I don't know.

One word of warning though: xpra is very sensitive to latency and any
piece of software sitting in between the client and the server will
introduce some latency.
For example, we've ended up incorporating the websockify server into the
xpra server to reduce the websocket latency.
If you can do it, always prefer direct connections.

Cheers
Antoine
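
A sketch of the setup asked about above, as an added example that is not part of the original thread and has not been confirmed by the xpra developers. It assumes xpra is bound to loopback (`--bind-tcp=127.0.0.1:44440`) rather than `0.0.0.0`, so the plaintext port cannot be reached around the TLS proxy; the hostname, certificate paths and proxying at `/` are placeholders and assumptions.

```nginx
# Added example, not from the thread. Goes in the http{} context,
# e.g. a file under conf.d/. Assumed xpra listener:
#   --bind-tcp=127.0.0.1:44440   (loopback only, not 0.0.0.0)
# server_name and certificate paths are placeholders.

# Send "Connection: upgrade" upstream only when the client requested
# a protocol upgrade (the websocket handshake); otherwise close.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Plain HTTP only redirects; no session traffic is served here.
server {
    listen 80;
    server_name xpra.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name xpra.example.org;

    ssl_certificate     /etc/nginx/tls/xpra.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/xpra.example.org.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends at nginx; the hop to xpra stays on loopback.
        proxy_pass http://127.0.0.1:44440;

        # Websocket upgrade needs HTTP/1.1 and the hop-by-hop headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Keep long-lived, idle sessions from being cut by the proxy.
        proxy_read_timeout 12h;
    }
}
```

With this layout every connection reaches xpra from 127.0.0.1, so any access control has to come from xpra authentication or from nginx itself, not from the source address.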


