Xpra

From ArchWiki

From the Xpra website:

Xpra is 'GNU Screen for X': it allows you to run X programs, usually on a remote host, direct their display to your local machine, and then to disconnect from these programs and reconnect from the same or another machine, without losing any state. It gives you remote access to individual applications.

  • Xpra is "rootless" or "seamless": programs you run under it show up on your desktop as regular programs, managed by your regular window manager.
  • Sessions can be accessed over SSH, or password protected over plain TCP sockets.
  • Xpra is usable over reasonably slow links and does its best to adapt to changing network bandwidth limits. (see also adaptive JPEG mode)
  • Xpra is open-source (GPLv2+), multi-platform and multi-language, with current clients written in Python and Java.

Installation

Install the package xpra or xpra-gitAUR, on the server and the clients.

Usage

Run application "single shot"

To run an application remotely over SSH without starting an xpra server on the host it is running on in advance, you can simply use this command on your client machine: 

$ xpra start ssh:user@host --exit-with-children --start-child="command"

Where "command" is the command you would start on the remote hosts shell. This will start xpra remotely and shuts down the xpra server when the command exits.

If you see Public Key not accepted by remote side, .ssh/config not used correctly, try to use your normal system ssh client instead of the integrated Paramiko SSH client: 

$ xpra start --ssh="ssh" ssh:user@host --exit-with-children --start-child="command"

Run applications in a persistent xpra server on the remote host

If you want to have a persistent server on the remote machine, you can start an xpra server on the machine where you want to run the applications (we are using display number 7 here): 

$ xpra start :7

Now you can start an application, e.g. firefox: 

$ DISPLAY=:7 firefox

Or, if you want to start a screen session and execute the programs from there to be able to close the console: 

$ DISPLAY=:7 screen
[screen starts]
$ firefox

Note that if you start screen like this you do not have to specify the display number when executing programs. They will be running on the xpra display automatically.

After running these commands, you do not see any windows yet. To actually see the applications on your display, you have to connect to the xpra server. If you are connecting to an xpra display on the same machine, start the xpra client like this: 

$ xpra attach :7

Or, if you are connecting to a remote machine over ssh: 

$ xpra attach ssh:user@example.com:7

After starting the client, any programs running on the remote server display are displayed on your local screen. To detach, type ctrl-c or use the command: 

$ xpra detach ssh:user@example.com:7

Programs continue to run on the server and you can reattach again later.

You can stop the server with: 

$ xpra stop :7

on the machine where the server is running, or remotely: 

$ xpra stop ssh:user@example.com:7

Run whole desktop environment

To run whole desktop (on the server side): 

$ xpra start-desktop :7 --start-child=xfce4-session --exit-with-children

where:

  • :7 is a number of xorg DISPLAY session
  • --start-child=xfce4-session run xfce4 session as child on xpra server
  • --exit-with-children mean that server will be closed after session logout (children exit)

To attach it (on the server side): 

$ xpra attach :7

To attach it (on the client side): 

$ xpra attach ssh:user@example.com:7

To detach press ctrl+c on terminal or run: 

$ xpra detach :7
Tip: Screen resolution can be changed with xrandr.

Shadow remote desktop

To clone:

  • display must be auth by this same user as ssh login to
  • display must be shown on remote screen

To shadow desktop run this on the client side: 

$ xpra shadow ssh:DISPLAY_user@example.com:DISPLAY_number

As xorg sandbox

Sandboxing can be achieved with firejail:

  • for application sandbox (change eth0 to your interface name or to none): 
    $ firejail --x11=xpra --net=eth0 firefox
  • xpra attach, etc: 
    $ firejail --net=eth0 xpra [...]
Note: --net=eth0 creates a separate namespace for the network. This is necessary to hide all xorg or system sockets from xpra, otherwise a sandbox is most likely ineffective (issue-54#153757284).

More

For a complete manual, see xpra(1).

Tips and tricks

Start at boot

Server

It is possible to start the xpra server at boot using a systemd unit.

Create the unit file: 

/etc/systemd/system/xpra@.service
[Unit]
Description=xpra display

[Service]
Type=simple
User=%i
EnvironmentFile=/etc/conf.d/xpra
ExecStart=/usr/bin/xpra --no-daemon start ${%i}

[Install]
WantedBy=multi-user.target

Now create the configuration, adding a line for each username you want to have an xpra display: 

/etc/conf.d/xpra
myusername=:7

Enable the service for each username that owns a display. In this example, the service would be xpra@myusername.service.

Client

Note: If the client is a remote machine, first of all use SSH keys to be able to connect to the server without typing a password. Read SSH keys for more details.
Method 1: .xinitrc

Add to your ~/.xinitrc file the line necessary to start the connection, adding an & at the end of the line.

Make sure to add such line before the exec line.

For example, on a remote client it could be: 

~/.xinitrc
xpra attach ssh:user@example.com:7 &
Method 2: systemd user session

Configure your session to use systemd user session. Read Systemd/User for details.

Note: Make sure you understand the difference between systemd user session services, and regular systemd services. Again, read the Systemd/User for details.

Create the following service unit: 

~/.config/systemd/user/xpra-client@.service
[Unit]
Description=xpra client

[Service]
Type=simple
EnvironmentFile=%h/.config/conf/xpra_client
ExecStart=/usr/bin/xpra attach %i $OPTS

[Install]
WantedBy=default.target

Create the configuration file, using the options you want: 

~/.config/conf/xpra_client
OPTS=--encoding=jpeg --quality=90

The service name would be in the format of xpra-client@ssh:username@hostname:<display number>.service.

Example: xpra-client@ssh:myuser@example.com:7.service

Enable that service as a user unit.

Troubleshooting

Error: Only console users are allowed to run the X server

If the execution fails with this error message in the log file you need to make the following changes:

Create the following: 

/etc/X11/Xwrapper.config
allowed_users=anybody

Error: failed to connect to display :100

Sometimes this errors are produced: 

/run/user/1000/xpra/:100.log
(EE) Fatal server error:
(EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied)
(EE) Server terminated with error (1). Closing log file.

To solve it is necessary run with --xvfb=/usr/bin/Xorg. Example: 

$ xpra start ssh://$USER@$SERVER/100 --start-child=/usr/bin/terminator --xvfb=/usr/bin/Xorg

See also

Retrieved from "https://wiki.archlinux.org/index.php?title=Xpra&oldid=797609"