Thanks. Just one more clraification.Any chance, I can get end-to-end AES
encryption in this setup (i.e. several Xpra server and Xpra Proxy with several
clients connected)? Meaning, can I have encryption from server1 to client1 and
server2 to client2?Can multifile contain AES keys? Instead of passwords can
proxy resolve the users based on AES keys?
Regards,
Mukul
( https://sites.google.com/site/mukulagrawal )
On Tuesday, August 30, 2016 1:40 AM, Antoine Martin via shifter-users
<[email protected]> wrote:
On 30/08/16 14:04, Mukul Agrawal via shifter-users wrote:
> I have a couple more questions.
>
>
> I would like to modify your detailed example at :-
> https://xpra.org/trac/wiki/ProxyServer
>
> 1. Can I use AES encryption with xpra proxy? (AES key transport is not an
> issue for me.)
Yes.
> I am guessing I will still need to use multifile to figure which user has
> access to which proxied sesssion?
Correct.
> Something like following :-
>
> xpra proxy :100 --bind-tcp=0.0.0.0:443 --tcp-encryption=AES
>--tcp-encryption-keyfile=key.txt --auth=multifile:filename=./xpra-auth
> xpra attach tcp:$PROXYHOST:443 --tcp-encryption=AES
> --tcp-encryption-keyfile=./key.txt
> --username=myusername --password-file=./password.txt
>
> 2. In my case, several Xpra servers are running on the same machine with
> different display numbers. Xpra proxy will also run on the same machine. I do
> not like to open so many ports for xpra server instance to the external
> world. Any alternative suggestion?
SSH mode only requires the SSH port, but then you would also have to
restrict the user accounts to only be able to execute the xpra command.
> Can these servers be attached to unix domain sockets instead and can
still be proxied?
> xpra start :10 --bind=socket1
> xpra start :11 --bind=socket2
The multifile can contain display information in the same format as the
client connection string. ie:
:DISPLAY
ssh/username:password@host:SSHPORT/DISPLAY
tcp/host:port/
ssl/host:port/
PS: not tested recently, but this re-uses the same code as the client.
Cheers
Antoine
>
> Regards,
> Mukul ( https://sites.google.com/site/mukulagrawal )
>
> On Monday, August 29, 2016 10:06 AM, Mukul Agrawal via shifter-users
><[email protected]> wrote:
>
>
> I am running several instances of XPRA servers each listening to certain
>display number on a remote Ubuntu machine.
> Each instance is binding to different TCP port in the range of 1000 to
> 1050.When I connect using web-browser on my local laptop to the
> same-IP-address:different-ports, I can see the graphics being streamed on
> these different display numbers.
>
> Now, I dont really want to server any other webpages. I just want to see XPRA
> traffic on web browser on the client side -- nothing else. In fact, I would
> prefer to stop/filter any request to access for non-xpra traffic. Do you have
> any reccomendation on how to best set it up?
>
> Also what is the best choice for me to make it as secure and as authenticated
> as possible? Specifically, which option flags should I use while starting the
> server?
>
> Considering my application (i.e. only xpra-traffic and no other web
> applications being served) , do you see any pro/cons of using a standard
> web-server (such as apache) instead of the server that comes with
> web-sockify. Either from security point of view or any other?
>
> Thanks, greatly appreciate any pointers or advice.
>
> Regards,
> Mukul
> ( https://sites.google.com/site/mukulagrawal )
> _______________________________________________
> shifter-users mailing list
> [email protected]
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>
>
>
> _______________________________________________
> shifter-users mailing list
> [email protected]
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>
_______________________________________________
shifter-users mailing list
[email protected]
http://lists.devloop.org.uk/mailman/listinfo/shifter-users
_______________________________________________
shifter-users mailing list
[email protected]
http://lists.devloop.org.uk/mailman/listinfo/shifter-users
