xpra icon
Bug tracker and wiki

Opened 5 years ago

Closed 5 years ago

#574 closed enhancement (wontfix)

Improve ProxyServer to be front end for several server in backend

Reported by: Benoit Gschwind Owned by: Benoit Gschwind
Priority: minor Milestone:
Component: server Version: trunk
Keywords: proxy Cc:

Description

The idea is to be able to connect to several servers from one proxy. For example if we have the proxy0.host as proxy and serv0.host, serv1.host, serv2.host as server not directly accessible.

For a user the path should look like:

user$ xpra start tcp:login@serv0.host:100 --start-child="xterm" --with-proxy=proxy0.host [whatever usual option]
user$ xpra start tcp:login@serv1.host:100 --start-child="xterm" --with-proxy=proxy0.host [whatever usual option]

user$ xpra attach tcp:login@serv0.host:100 --with-proxy=proxy0.host [whatever usual option]
user$ xpra attach tcp:login@serv1.host:100 --with-proxy=proxy0.host [whatever usual option]

user$ xpra stop tcp:login@serv0.host:100 --with-proxy=proxy0.host
user$ xpra stop tcp:login@serv1.host:100 --with-proxy=proxy0.host

Change History (4)

comment:1 Changed 5 years ago by Antoine Martin

Owner: changed from Antoine Martin to Benoit Gschwind

This is somewhat similar to #576, so some of the questions will be the same.

  • I think the syntax should be reversed: the connection point should always be the proxy, specifying the target server / session should be the new argument (--proxy-for= or --with-server= or --display= ..), which also makes this ticket much more similar to #574
  • Do you want to support both tcp and ssh connections to the proxy? (not sure it makes much difference, just curious)
  • Do we need both tickets? Or can we achieve #574 with this one? (or even the other way around - either way, maybe consolidate in one ticket?)
  • How do we perform access control (the servers and ports that the proxy will accept to proxy for)? Turn the feature on or off?
  • This sort of setup usually benefits from having failover and load-balancing of the backend servers, which is something else to think about: if multiple servers are available through the proxy, a very common use case would be to let the proxy decide which server to delegate to.

comment:2 in reply to:  1 Changed 5 years ago by Benoit Gschwind

Replying to totaam:

This is somewhat similar to #576, so some of the questions will be the same.

  • I think the syntax should be reversed: the connection point should always be the proxy, specifying the target server / session should be the new argument (--proxy-for= or --with-server= or --display= ..), which also makes this ticket much more similar to #574


I do not have particular preference, reversing the command line option is fine.

  • Do you want to support both tcp and ssh connections to the proxy? (not sure it makes much difference, just curious)


Imo, I will say no, If I could choose I would choose to drop ssh completely, and allow Xpra to work like sshd, i.e. a standalone server that authenticate users, crypt the connection and start session by itself while being able to pass through a proxy.

  • Do we need both tickets? Or can we achieve #574 with this one? (or even the other way around - either way, maybe consolidate in one ticket?)


This ticket is more general :) but at the moment this could be merged.

  • How do we perform access control (the servers and ports that the proxy will accept to proxy for)? Turn the feature on or off?


We have to think about configuration file like sshd_config. But it make this more complicated. At this moment just allowing or disallowing proxy should be fine while user is authenticated.

  • This sort of setup usually benefits from having failover and load-balancing of the backend servers, which is something else to think about: if multiple servers are available through the proxy, a very common use case would be to let the proxy decide which server to delegate to.


This can be a useful feature, the sever could track connection and choose a server for the user. But imo, the main usage of proxy is to allow user to remotly use a particular internal server, like screen+ssh.

comment:3 Changed 5 years ago by Antoine Martin

Any update on this? Can I close it?

comment:4 Changed 5 years ago by Antoine Martin

Resolution: wontfix
Status: newclosed

Not heard back, closing.

Note: See TracTickets for help on using tickets.