xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.


Changes between Version 5 and Version 6 of ProxyServer


Ignore:
Timestamp:
11/07/13 05:26:25 (8 years ago)
Author:
Antoine Martin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ProxyServer

    v5 v6  
    2020xpra proxy :20 --auth=sys --bind-tcp=0.0.0.0:443
    2121}}}
    22 Note: if you run this command as root, all the user sessions will be exposed. If you run it a normal user, only this user's session will be exposed.
    23 Once authenticated, the proxy server spawns a new process and no longer runs as root.
     22Notes:
     23* if you run this command as root, all the user sessions will be exposed
     24* if you run it a normal user, only this user's session will be exposed
     25* once authenticated, the proxy server spawns a new process and no longer runs as root
     26* the display number chosen for the proxy server is only used for identifying the proxy server and interacting with it using the regular tools ("{{{xpra info}}}", etc)
    2427[[BR]]
    2528
     
    3437
    3538{{{#!div class="box"
    36 == File Authentication Extras ==
     39== File Authentication ==
    3740
    3841When used with the proxy server, the password file (see [/wiki/Authentication#Modules Authentication Modules]) should contain one user per line using the format:
     
    5558* {{{SESSION_OPTIONS}}} is an optional attribute which can contain ";" separated name-value pairs which will override the client's connection settings and apply to the connection between the proxy and the real server only.
    5659}}}
     60
     61{{{#!div class="box"
     62== File Authentication Example ==
     63
     64* Start a proxy server on port 443 using {{{file}}} authentication (we will call this server {{{PROXYHOST}}}):
     65{{{
     66xpra proxy :100 --bind-tcp=0.0.0.0:443 --auth=file --password-file=./xpra-auth
     67}}}
     68* Start the session we wish to access via the {{{PROXYHOST}}} (we call this {{{TARGETHOST}}} - for testing, this can be the same host as {{{PROXYHOST}}}):
     69{{{
     70xpra start :10 --bind-tcp=0.0.0.0:10000
     71}}}
     72* on {{{PROXYHOST}}}, add a user to the auth file pointing to {{{TARGETHOST}}} (ie: {{{192.168.1.200}}} should be {{{TARGETHOST}}}'s IP):
     73{{{
     74echo "john|secretpassword|1000|1000|tcp:192.168.1.200:10000|EXAMPLE_ENV=VALUE|compression=0" >> ./xpra-auth
     75}}}
     76* create the password file on the client:
     77{{{
     78echo "secretpassword" >> password.txt
     79}}}
     80* connect from the client:
     81{{{
     82xpra attach --username=myusername --password-file=./password.txt $PROXYHOST:20000
     83}}}
     84
     85What happens:
     86* the client connects to the proxy server
     87* the proxy server asks the client to authenticate and sends it a challenge
     88* the client responds to the challenge (see [/wiki/Authentication])
     89* the proxy server verifies the challenge (and disconnects the user if needed)
     90* the proxy server identifies the session desired (ie: the one on {{{TARGETHOST}}})
     91* the proxy server creates a new connection to the real server ({{{TARGETHOST}}}), applying any options specified (ie: "{{{compression=0}}}" will disable compression between the proxy and server)
     92* the proxy server spawns a new process
     93* the new proxy process changes its uid and gid to non-root (if needed)
     94* the packets should now flow through between the client and the real server
     95}}}