Proxy Server

This new feature in version 0.11 (see #426) allows a single xpra server to provide access to many xpra sessions through a single entry point, without using SSH for transport/authentication.

This can be very useful for hosts that have a limited number of publicly accessible ports, or for clients accessing servers through firewalls with outbound port filtering. (ie: you can put the server on port 80 or 443)

Depending on the Authentication module configured, the proxy server can expose:

• all local xpra sessions after user authentication
• a custom list of sessions configured through the "file-auth" mechanism

To start the proxy server, simply run:

xpra proxy :20 --auth=sys --bind-tcp=0.0.0.0:443

Note: if you run this command as root, all the user sessions will be exposed. If you run it a normal user, only this user's session will be exposed. Once authenticated, the proxy server spawns a new process and no longer runs as root.

When attaching, the client usually needs to specify its password using the --password-file switch, and if there is more than one session for that user, it will also need to specify which display it wishes to connect to, using one of those two switches:

• the "--display=:N" switch
• the attach syntax: "tcp:SERVER:PORT:DISPLAY

ie:

xpra attach tcp:127.0.0.1:443 --password-file=./password.txt --display=:100