xpra icon
Bug tracker and wiki

Changes between Version 30 and Version 31 of ProxyServer


Ignore:
Timestamp:
05/08/18 16:21:46 (6 months ago)
Author:
Antoine Martin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ProxyServer

    v30 v31  
    2828Depending on the [/wiki/Authentication Authentication] module configured, the proxy server can:
    2929* expose all local xpra sessions after user authentication
    30 * provide access to a custom list of sessions configured through the "multifile" auth mechanism
     30* provide access to a custom list of sessions configured through the {{{sqlite}}} and {{{multifile}}} authentication modules
    3131* start new sessions on demand (#1319)
    3232}}}
     
    3636(see also [/wiki/DataFlow])
    3737
     38Here is an example architecture using the proxy server to provide access to a number of servers through a single port, also showing where NVENC hardware encoders and TCP proxying (apache, nginx, thttp,..) can all hook into:
    3839[[Image(Xpra-Proxy.png)]]
    3940}}}
     
    4445'''Beware''': to simplify these instructions, we use the "{{{allow}}}" [/wiki/Authentication authentication module], which does '''no''' checking whatsoever!
    4546
    46 To start the proxy server, simply run:
     47* start a session on display {{{:100}}} with an {{{xterm}}}, this session is not exposed via tcp (there is no {{{bind-tcp}}} option):
     48{{{
     49xpra start :100 --start=xterm
     50}}}
     51* start the proxy server tcp port 8443:
    4752{{{
    4853xpra proxy :20 --auth=allow --bind-tcp=0.0.0.0:8443
    4954}}}
    50 
    51 If only one session is accessible, users can connect as usual with:
     55* if only one session is accessible for this user, you can connect via the proxy with:
    5256{{{
    53 xpra attach tcp:USERNAME:PASSWORD@PROXYHOST:8443
     57xpra attach tcp://:foo@PROXYHOST:8443/
    5458}}}
    5559
    56 If there is more than one session accessible for this user, the client also needs to specify which display it wishes to connect to using the extended attach syntax: "{{{tcp/USERNAME:PASSWORD@SERVER:PORT/DISPLAY}}}":
     60If there is more than one existing session accessible for this user, the client also needs to specify which display it wishes to connect to using the extended attach syntax: "{{{tcp/USERNAME:PASSWORD@SERVER:PORT/DISPLAY}}}":
    5761{{{
    58 xpra attach tcp/username:password@127.0.0.1:8443/100
     62xpra attach tcp://:foo@127.0.0.1:8443/100
    5963}}}
    6064[[BR]]
    6165
    6266Notes:
     67* this example uses tcp, but the proxy works equally well with all other transports ({{{ssl}}}, {{{wss}}} etc)
    6368* if you run this command as root, all the user sessions will be exposed!
    6469* if you run it a normal user, only this user's session will be exposed