On 30/08/16 14:04, Mukul Agrawal via shifter-users wrote: > I have a couple more questions. > > > I would like to modify your detailed example at :- > https://xpra.org/trac/wiki/ProxyServer > > 1. Can I use AES encryption with xpra proxy? (AES key transport is not an > issue for me.) Yes.
> I am guessing I will still need to use multifile to figure which user has > access to which proxied sesssion? Correct. > Something like following :- > > xpra proxy :100 --bind-tcp=0.0.0.0:443 --tcp-encryption=AES > --tcp-encryption-keyfile=key.txt --auth=multifile:filename=./xpra-auth > xpra attach tcp:$PROXYHOST:443 --tcp-encryption=AES > --tcp-encryption-keyfile=./key.txt > --username=myusername --password-file=./password.txt > > 2. In my case, several Xpra servers are running on the same machine with > different display numbers. Xpra proxy will also run on the same machine. I do > not like to open so many ports for xpra server instance to the external > world. Any alternative suggestion? SSH mode only requires the SSH port, but then you would also have to restrict the user accounts to only be able to execute the xpra command. > Can these servers be attached to unix domain sockets instead and can still be proxied? > xpra start :10 --bind=socket1 > xpra start :11 --bind=socket2 The multifile can contain display information in the same format as the client connection string. ie: :DISPLAY ssh/username:password@host:SSHPORT/DISPLAY tcp/host:port/ ssl/host:port/ PS: not tested recently, but this re-uses the same code as the client. Cheers Antoine > > Regards, > Mukul ( https://sites.google.com/site/mukulagrawal ) > > On Monday, August 29, 2016 10:06 AM, Mukul Agrawal via shifter-users > <[email protected]> wrote: > > > I am running several instances of XPRA servers each listening to certain > display number on a remote Ubuntu machine. > Each instance is binding to different TCP port in the range of 1000 to > 1050.When I connect using web-browser on my local laptop to the > same-IP-address:different-ports, I can see the graphics being streamed on > these different display numbers. > > Now, I dont really want to server any other webpages. I just want to see XPRA > traffic on web browser on the client side -- nothing else. In fact, I would > prefer to stop/filter any request to access for non-xpra traffic. Do you have > any reccomendation on how to best set it up? > > Also what is the best choice for me to make it as secure and as authenticated > as possible? Specifically, which option flags should I use while starting the > server? > > Considering my application (i.e. only xpra-traffic and no other web > applications being served) , do you see any pro/cons of using a standard > web-server (such as apache) instead of the server that comes with > web-sockify. Either from security point of view or any other? > > Thanks, greatly appreciate any pointers or advice. > > Regards, > Mukul > ( https://sites.google.com/site/mukulagrawal ) > _______________________________________________ > shifter-users mailing list > [email protected] > http://lists.devloop.org.uk/mailman/listinfo/shifter-users > > > > _______________________________________________ > shifter-users mailing list > [email protected] > http://lists.devloop.org.uk/mailman/listinfo/shifter-users > _______________________________________________ shifter-users mailing list [email protected] http://lists.devloop.org.uk/mailman/listinfo/shifter-users
