The idea is to be able to connect to several servers from one proxy. For example if we have the proxy0.host as proxy and serv0.host, serv1.host, serv2.host as server not directly accessible.
For a user the path should look like:
user$ xpra start tcp:login@serv0.host:100 --start-child="xterm" --with-proxy=proxy0.host [whatever usual option] user$ xpra start tcp:login@serv1.host:100 --start-child="xterm" --with-proxy=proxy0.host [whatever usual option] user$ xpra attach tcp:login@serv0.host:100 --with-proxy=proxy0.host [whatever usual option] user$ xpra attach tcp:login@serv1.host:100 --with-proxy=proxy0.host [whatever usual option] user$ xpra stop tcp:login@serv0.host:100 --with-proxy=proxy0.host user$ xpra stop tcp:login@serv1.host:100 --with-proxy=proxy0.host
This is somewhat similar to #576, so some of the questions will be the same.
--proxy-for=
or --with-server=
or --display=
..), which also makes this ticket much more similar to #574
Replying to totaam:
This is somewhat similar to #576, so some of the questions will be the same.
- I think the syntax should be reversed: the connection point should always be the proxy, specifying the target server / session should be the new argument (
--proxy-for=
or--with-server=
or--display=
..), which also makes this ticket much more similar to #574
I do not have particular preference, reversing the command line option is fine.
- Do you want to support both tcp and ssh connections to the proxy? (not sure it makes much difference, just curious)
Imo, I will say no, If I could choose I would choose to drop ssh completely, and allow Xpra to work like sshd, i.e. a standalone server that authenticate users, crypt the connection and start session by itself while being able to pass through a proxy.
- Do we need both tickets? Or can we achieve #574 with this one? (or even the other way around - either way, maybe consolidate in one ticket?)
This ticket is more general :) but at the moment this could be merged.
- How do we perform access control (the servers and ports that the proxy will accept to proxy for)? Turn the feature on or off?
We have to think about configuration file like sshd_config. But it make this more complicated. At this moment just allowing or disallowing proxy should be fine while user is authenticated.
- This sort of setup usually benefits from having failover and load-balancing of the backend servers, which is something else to think about: if multiple servers are available through the proxy, a very common use case would be to let the proxy decide which server to delegate to.
This can be a useful feature, the sever could track connection and choose a server for the user. But imo, the main usage of proxy is to allow user to remotly use a particular internal server, like screen+ssh.
Any update on this? Can I close it?
Not heard back, closing.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/574