Hi Antoine, thank you very much for the detailed answer. I have tried several of your suggestions and have some feedback inline:
> On 10/10/17 15:33, Feldhaus, Florian via shifter-users wrote: >> I discovered Xpra several years ago, but never really used it until I was >> searching for a solution to make Wireshark available via a Webinterface. >> Using Docker and the Xpra HTML Client, I was able to create a Docker >> container with Xpra and Wireshark (see >> https://github.com/ffeldhaus/docker-wireshark). Based on the Docker image, I >> created a solution to proxy and analyze arbitrary TCP traffic with HAProxy >> and Wireshark - HAProxy acts as endpoint for e.g. NFS, SMB, HTTP or other >> services and forwards the traffic to the real service and Wireshark, >> accessed via Webbrowser, can analyze the traffic (see >> https://github.com/ffeldhaus/docker-network-traffic-analyzer for details). >> >> I’m impressed by the features and abilities of Xpra and would like to thank >> everyone who helped to develop it. >> >> During testing of the solution I discovered a few things were I would like >> to ask for your input: >> - Installing Xpra requires a huge number of dependencies. It would be great >> to get some input how to reduce the number of dependencies to create a >> minimal docker image (currently it’s larger than 1GB. > 1GB is huge! The most important dependencies are listed here: > http://xpra.org/trac/wiki/Dependencies > And the build and packaging dependencies are also documented here: > http://xpra.org/trac/wiki/Building > > This will largely depend on the distro you are on. Some Debian it seems? > Our Debian packaging uses strict dependencies as well as both > "Recommends" and "Suggests" weak dependencies. > Not installing the weak dependencies will give you a stripped down > installation, without support for printer or audio forwarding, mdns, etc > For your use-case, you may also want to remove "ffmpeg-xpra" as per: > http://xpra.org/trac/changeset/17145 I managed to reduce the docker image size quite a bit (to 480MB) by using the --no-install-recommends switch for apt-get install. Unfortunately changeset 17145 was not included in the latest available xpra 2.2 beta which is from yesterday morning. Could you trigger a new xpra 2.2 beta build for centos including that changeset? I did see a few new errors though: The following is probably related to python-uinput not being installed. If it is required, it should be a mandatory dependency. If it is not required, xpra shouldn’t fail. 2017-10-11 07:21:44,355 cannot access python uinput module: 2017-10-11 07:21:44,355 No module named uinput The following is new as well Error running "xauth add :0 MIT-MAGIC-COOKIE-1 7e0f55cb5f2a433993a09f12bcea0794": [Errno 2] No such file or directory Even though I included dbus-control=no and dbus-proxy=no I still get this error: /bin/sh: 1: dbus-launch: not found dbus-launch failed to start using command 'dbus-launch --close-stderr': exit code is 127 2017-10-11 07:21:54,388 Warning: menu forwarding is disabled: 2017-10-11 07:21:54,388 cannot load dbus helper: No module named dbus The following is also new and I would like to understand if I should install this package as dependency. For what does xpra use the package? 2017-10-11 07:21:54,404 Warning: the python netifaces package is missing There is one message regarding Gstream which I don’t understand Warning: failed to import GStreamer 1.x: No module named gi >> - Running current stable Xpra version results in several error messages (see >> below). I’d appreciate input why these occur (check >> https://github.com/ffeldhaus/docker-wireshark/blob/master/xpra.conf for the >> config options). I’d be especially interested in >> - Why does renaming '/run/user/1000/xpra/Xorg.S1.log' to >> '/run/user/1000/xpra/Xorg.:0.log' fail? > That's a bug in the Xorg server, a fix has been submitted upstream: > http://xpra.org/trac/ticket/1192 Let’s wait and see when this will be merged into Xorg. >> - Why does Xpra try to create socket directory in '/run/xpra' even though >> socket dir was specified as /run/user/1000/xpra and xpra was run as non root >> user? > See "socket-dirs" as well as "socket-dir". > (yes, it is a bit confusing having both, we kinda messed up that one - > too late to go back, sorry) Using socket-dirs instead of socket-dir fixed this. >> - Why does Xpra show an ERROR related to X11 property 'PULSE_SERVER' even >> though pulseaudio=no is specified in config file? > The "_sound_query" subcommand is probing gstreamer to see what elements > should be used for audio forwarding, and part of this query will try to > figure out if pulseaudio is available. (which is separate from the > pulseaudio=no command line option which controls if we start it or not) > > For whatever reason, your "/usr/bin/xpra" ends up trying to use GTK3 > (maybe loading GTK2 failed?), this doesn't work well before xpra 2.2 This seems to be fixed in xpra 2.2. The only error left is the following, which I understand should be a warning: 2017-10-11 07:21:56,950 Error: failed to query sound subsystem: 2017-10-11 07:21:56,950 query did not return any data >> - When I access Wireshark via Webinterface using Firefox 57 I have issues >> with special characters (y and z are working correct, but ! = # as well as >> öäü and others are not working). I’ve seen some fixed issues around this, >> but this seems to be a new one. With Chrome it works better, but not perfect >> (! = # work but öäü do not work). Should I report this as an issue? > Yes please. Make sure you include all the required details: > https://www.xpra.org/trac/wiki/Keyboard#ReportingBugs > > Keyboard mapping issues are always "interesting". > >> - Is it possible to force SSL connections when accessing the HTML client? I >> successfully configured SSL, but ideally all HTTP connections should be >> upgraded to HTTPS (maybe using HSTS). > In xpra 2.2, you can specify different socket types for different ports. > For example: > xpra --bind-wss=0.0.0.0:14500 > This will only allow secure websockets / https. > > For more information, see: > https://xpra.org/trac/ticket/1504#comment:2 Using --bind-wss works to enfore SSL when using xpra 2.2. > > Cheers > Antoine > > >> wireshark> | _XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix >> will not be created. >> wireshark> | Failed to rename log file "/run/user/1000/xpra/Xorg.S1.log" to >> "/run/user/1000/xpra/Xorg.S1.log": No such file or directory >> wireshark> | >> wireshark> | X.Org X Server 1.19.2 >> wireshark> | Release Date: 2017-03-02 >> wireshark> | X Protocol Version 11, Revision 0 >> wireshark> | Build Operating System: Linux 4.9.0-3-amd64 x86_64 Debian >> wireshark> | Current Operating System: Linux ec148b063ca0 >> 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 >> wireshark> | Kernel command line: >> BOOT_IMAGE=/vmlinuz-3.10.0-514.26.2.el7.x86_64 >> root=/dev/mapper/centos_florianf--centos-root ro crashkernel=auto >> rd.lvm.lv=centos_florianf-centos/root rd.lvm.lv=centos_florianf-centos/swap >> rhgb quiet LANG=en_US.UTF-8 >> wireshark> | Build Date: 07 July 2017 06:14:06AM >> wireshark> | xorg-server 2:1.19.2-1+deb9u1 (https://www.debian.org/support) >> wireshark> | Current version of pixman: 0.34.0 >> wireshark> | Before reporting problems, check http://wiki.x.org >> wireshark> | to make sure that you have the latest version. >> wireshark> | Markers: (--) probed, (**) from config file, (==) default >> setting, >> wireshark> | (++) from command line, (!!) notice, (II) informational, >> wireshark> | (WW) warning, (EE) error, (NI) not implemented, (??) unknown. >> wireshark> | (++) Log file: "/run/user/1000/xpra/Xorg.S1.log", Time: Mon Oct >> 9 17:52:39 2017 >> wireshark> | (++) Using config file: "/etc/xpra/xorg.conf" >> wireshark> | (==) Using system config directory "/usr/share/X11/xorg.conf.d" >> wireshark> | failed to rename Xorg log file from >> '/run/user/1000/xpra/Xorg.S1.log' to '/run/user/1000/xpra/Xorg.:0.log' >> wireshark> | [Errno 2] No such file or directory >> wireshark> | 2017-10-09 17:52:45,508 Warning: skipping duplicate bind path >> /run/user/1000/xpra/ec148b063ca0-0 >> wireshark> | 2017-10-09 17:52:45,509 Warning: failed to create socket >> directory '/run/xpra' >> wireshark> | 2017-10-09 17:52:45,509 [Errno 13] Permission denied: >> '/run/xpra' >> wireshark> | 2017-10-09 17:52:45,512 created unix domain socket: >> /run/user/1000/xpra/ec148b063ca0-0 >> wireshark> | 2017-10-09 17:52:45,513 created unix domain socket: >> /home/wireshark/.xpra/ec148b063ca0-0 >> wireshark> | 2017-10-09 17:52:45,513 Warning: cannot create socket >> '/run/xpra/ec148b063ca0-0' >> wireshark> | 2017-10-09 17:52:45,513 [Errno 2] No such file or directory >> wireshark> | 2017-10-09 17:52:45,513 /run/xpra does not exist >> wireshark> | 2017-10-09 17:52:45,514 user 'wireshark' is a member of >> groups: xpra >> wireshark> | 2017-10-09 17:52:45,514 failed to query path information for >> '/run/xpra': [Errno 2] No such file or directory: '/run/xpra' >> wireshark> | 2017-10-09 17:52:50,970 serving html content from: >> /usr/share/xpra/www >> wireshark> | Error: cannot get X11 property 'PULSE_SERVER' >> wireshark> | Traceback (most recent call last): >> wireshark> | File >> "/usr/lib/python2.7/dist-packages/xpra/sound/pulseaudio/pulseaudio_common_util.py", >> line 24, in get_x11_property >> wireshark> |> from xpra.x11.bindings.window_bindings import >> X11WindowBindings >> wireshark> | File "xpra/x11/bindings/window_bindings.pyx", line 12, in >> init xpra.x11.bindings.window_bindings >> (xpra/x11/bindings/window_bindings.c:15092) >> wireshark> | File >> "/usr/lib/python2.7/dist-packages/xpra/gtk_common/error.py", line 42, in >> <module> >> wireshark> |> gdk = import_gdk() >> wireshark> | File >> "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line >> 118, in import_gdk >> wireshark> |> return _try_import(import_gdk3, import_gdk2) >> wireshark> | File >> "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line >> 38, in _try_import >> wireshark> |> return import_method_gtk3() >> wireshark> | File >> "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line >> 113, in import_gdk3 >> wireshark> |> gi.require_version('Gdk', '3.0') >> wireshark> | File "/usr/lib/python2.7/dist-packages/gi/__init__.py", line >> 118, in require_version >> wireshark> |> raise ValueError('Namespace %s not available' % namespace) >> wireshark> | ValueError: Namespace Gdk not available >> wireshark> | for python sys.version_info(major=2, minor=7, micro=13, >> releaselevel='final', serial=0) >> wireshark> | xpra command=['/usr/bin/xpra', '_sound_query'] >> wireshark> | 2017-10-09 17:52:51,997 GStreamer version 1.10.4 for Python >> 2.7.13 64-bit >> wireshark> | 2017-10-09 17:52:52,114 2.8GB of system memory >> wireshark> | 2017-10-09 17:52:52,160 started command 'wireshark' with pid 53 >> wireshark> | 2017-10-09 17:52:52,161 xpra X11 version 2.1.2-r16903 64-bit >> wireshark> | 2017-10-09 17:52:52,161 uid=1000 (wireshark), gid=1000 >> (wireshark) >> wireshark> | 2017-10-09 17:52:52,161 running with pid 1 on Linux Debian 9.1 >> stretch >> wireshark> | 2017-10-09 17:52:52,162 connected to X11 display :0 with 24 >> bit colors >> wireshark> | 2017-10-09 17:52:52,434 xpra is ready. >> >> Thanks a lot >> Florian Feldhaus >> >> Principal Consultant, Professional Services >> NetApp Deutschland GmbH, Gladbecker Str. 5, D-40472 Düsseldorf >> +49 151 12055 711 Mobil >> [email protected] >> >> NetApp Deutschland GmbH, Sonnenallee 1, 85551 Kirchheim bei München >> Handelsregister: AG München HRB113907, VAT#: DE 182 196 996Geschäftsführer: >> Jörg Heßke, Claudia Berchtold, Stephen Faulkner >> >> _______________________________________________ >> shifter-users mailing list >> [email protected] >> http://lists.devloop.org.uk/mailman/listinfo/shifter-users >> > > _______________________________________________ > shifter-users mailing list > [email protected] > http://lists.devloop.org.uk/mailman/listinfo/shifter-users > _______________________________________________ shifter-users mailing list [email protected] http://lists.devloop.org.uk/mailman/listinfo/shifter-users
