[winswitch] Properly setting XPRA HTML5

Mukul Agrawal mukulagrawal78 at yahoo.com
Tue Aug 30 08:04:20 BST 2016 

I have a couple more questions.


 I would like to modify your detailed example at :- 
https://xpra.org/trac/wiki/ProxyServer

1. Can I use AES encryption with xpra proxy? (AES key transport is not an issue for me.) I am guessing I will still need to use multifile to figure which user has access to which proxied sesssion? Something like following :-

 xpra proxy :100 --bind-tcp=0.0.0.0:443 --tcp-encryption=AES --tcp-encryption-keyfile=key.txt --auth=multifile:filename=./xpra-auth
xpra attach tcp:$PROXYHOST:443 --tcp-encryption=AES --tcp-encryption-keyfile=./key.txt 
--username=myusername --password-file=./password.txt

2. In my case, several Xpra servers are running on the same machine with different display numbers. Xpra proxy will also run on the same machine. I do not like to open so many ports for xpra server instance to the external world. Any alternative suggestion? Can these servers be attached to unix domain sockets instead and can still be proxied?  
xpra start :10 --bind=socket1xpra start :11 --bind=socket2

 Regards, 
Mukul ( https://sites.google.com/site/mukulagrawal ) 

    On Monday, August 29, 2016 10:06 AM, Mukul Agrawal via shifter-users <shifter-users at lists.devloop.org.uk> wrote:
 

 I am running several instances of XPRA servers each listening to certain display number on a remote Ubuntu machine.
Each instance is binding to different TCP port in the range of 1000 to 1050.When I connect using web-browser on my local laptop to the same-IP-address:different-ports, I can see the graphics being streamed on these different display numbers.

Now, I dont really want to server any other webpages. I just want to see XPRA traffic on web browser on the client side -- nothing else. In fact, I would prefer to stop/filter any request to access for non-xpra traffic. Do you have any reccomendation on how to best set it up? 

Also what is the best choice for me to make it as secure and as authenticated as possible? Specifically, which option flags should I use while starting the server?

Considering my application (i.e. only xpra-traffic and no other web applications being served) , do you see any pro/cons of using a standard web-server (such as apache) instead of the server that comes with web-sockify. Either from security point of view or any other?

Thanks, greatly appreciate any pointers or advice.

 Regards, 
Mukul 
( https://sites.google.com/site/mukulagrawal )
_______________________________________________
shifter-users mailing list
shifter-users at lists.devloop.org.uk
http://lists.devloop.org.uk/mailman/listinfo/shifter-users

More information about the shifter-users mailing list