[winswitch] Properly setting XPRA HTML5

Antoine Martin antoine at nagafix.co.uk
Tue Aug 30 09:39:59 BST 2016 

On 30/08/16 14:04, Mukul Agrawal via shifter-users wrote:
> I have a couple more questions.
> 
> 
>  I would like to modify your detailed example at :- 
> https://xpra.org/trac/wiki/ProxyServer
> 
> 1. Can I use AES encryption with xpra proxy? (AES key transport is not an issue for me.)
Yes.

> I am guessing I will still need to use multifile to figure which user has access to which proxied sesssion?
Correct.

> Something like following :-
> 
>  xpra proxy :100 --bind-tcp=0.0.0.0:443 --tcp-encryption=AES --tcp-encryption-keyfile=key.txt --auth=multifile:filename=./xpra-auth
> xpra attach tcp:$PROXYHOST:443 --tcp-encryption=AES --tcp-encryption-keyfile=./key.txt 
> --username=myusername --password-file=./password.txt
> 
> 2. In my case, several Xpra servers are running on the same machine with different display numbers. Xpra proxy will also run on the same machine. I do not like to open so many ports for xpra server instance to the external world. Any alternative suggestion?
SSH mode only requires the SSH port, but then you would also have to
restrict the user accounts to only be able to execute the xpra command.

> Can these servers be attached to unix domain sockets instead and can
still be proxied?
> xpra start :10 --bind=socket1
> xpra start :11 --bind=socket2
The multifile can contain display information in the same format as the
client connection string. ie:
:DISPLAY
ssh/username:password at host:SSHPORT/DISPLAY
tcp/host:port/
ssl/host:port/

PS: not tested recently, but this re-uses the same code as the client.

Cheers
Antoine

> 
>  Regards, 
> Mukul ( https://sites.google.com/site/mukulagrawal ) 
> 
>     On Monday, August 29, 2016 10:06 AM, Mukul Agrawal via shifter-users <shifter-users at lists.devloop.org.uk> wrote:
>  
> 
>  I am running several instances of XPRA servers each listening to certain display number on a remote Ubuntu machine.
> Each instance is binding to different TCP port in the range of 1000 to 1050.When I connect using web-browser on my local laptop to the same-IP-address:different-ports, I can see the graphics being streamed on these different display numbers.
> 
> Now, I dont really want to server any other webpages. I just want to see XPRA traffic on web browser on the client side -- nothing else. In fact, I would prefer to stop/filter any request to access for non-xpra traffic. Do you have any reccomendation on how to best set it up? 
> 
> Also what is the best choice for me to make it as secure and as authenticated as possible? Specifically, which option flags should I use while starting the server?
> 
> Considering my application (i.e. only xpra-traffic and no other web applications being served) , do you see any pro/cons of using a standard web-server (such as apache) instead of the server that comes with web-sockify. Either from security point of view or any other?
> 
> Thanks, greatly appreciate any pointers or advice.
> 
>  Regards, 
> Mukul 
> ( https://sites.google.com/site/mukulagrawal )
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
> 
> 
>    
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>

More information about the shifter-users mailing list