This is an old revision of the document!
The X2Go Session Broker falls into three components.
X2Go Session Broker can either be installed as a standalone Daemon, or it can be integrated into Apache2 (or other httpd) using 'mod_wsgi
'.
Package name: 'x2gobroker-daemon
'
On Debian based systems:
$ sudo apt-get install x2gobroker-daemon
The standalone daemon setup works out of the box, but can only bind to IP ports greater than 1024. However, for security, the X2Go Session Broker standalone daemon only binds to the IPv4 localhost device.
Check /etc/defaults/x2gobroker-daemon
for modifying the daemon's bind address.
Package name: 'x2gobroker-wsgi
'
On Debian based systems:
$ sudo apt-get install x2gobroker-wsgi
For production deployments, the WSGI based setup is probably preferrable. With Apache2+WSGI you can provide VirtualHost setups with many different broker configurations on the same machine. You can also use the Apache2-way of setting up SSL support.
With the Apache2+WSGI setup you can integrate the X2Go Session Broker functionality into a complex X2Go Broker site (e.g. with a session configuration WebUI).
In the source code of X2Go Session Broker we provide two example configurations for Apache2+X2GoBroker:
The concept of X2Go Session Broker as provided in X2Go Git is highly modular. The X2Go Session Broker Daemon can be easily extended with broker backends and WebUI frontends.
Other broker backends (written in Python) can be added easily if needed. Contact the X2Go developers for further information on custom broker backend development.
'plain
' WebUI frontend: usable with X2Go Client'uccs
' WebUI frontend: usable with Unity Greeter (experimental)
Package name: 'x2gobroker-authservice
'
On Debian based systems:
$ sudo apt-get install x2gobroker-authservice
The X2Go Session Broker Authentication Service normally gets installed on the machine that also has x2gobroker-daemon
or x2gobroker-wsgi
installed. The broker code itself runs as system user x2gobroker
whereas the authentication service has to run as root. By security design, the functionality of the broker that requires root privileges has been separated from the rest of the broker.
The X2Go Session Broker Authentication Service requires root privileges for a few PAM based authentication backends. The default installation authenticates against PAM, on default Linux systems, PAM authentication (pam_unix.so
) requires root privileges by the authentication process.
With other PAM setups (e.g. pam_ldap.so
) root privileges are not required and it is ok to not install x2gobroker-authservice
.
Furthermore, X2Go Session Broker can be extended by other (non-PAM) authentication methods. The currently available authentication mechanisms in X2Go Session Broker are listed here.
For a basic configuration with the INI file backend and the standalone daemon (recommended for beginners) you only need to touch. Click on the config file names below to retrieve more info on how to modify/tweak those individual files.
The X2Go Session Broker uses several more configuration files. Below is a complete list (for version 0.0.2.x, if not applicable to later versions anymore, please update the below lists). The files are linked to their initial layout (in X2Go Git) to show what they look like directly after installation of the session broker packages.
X2Go Session Broker's Core: /etc/default/python-x2gobroker (enviroment variables, used to set defaults in Python X2Go Session Broker with impact on the daemon and the authentication service), /etc/x2go/x2gobroker.conf (main configuration file), /etc/x2go/broker/x2gobroker-sessionprofiles.conf (configuration file for the INI file backend), /etc/pam.d/x2gobroker (PAM configuration for X2Go Session Broker Authservice), /etc/x2go/broker/x2gobroker-loggers.conf (don't touch!)
X2Go Session Broker Daemon: /etc/default/x2gobroker-daemon (enviroment variables, used to set defaults in Python X2Go Session Broker with impact on the daemon only), /etc/logrotate.d/x2gobroker-daemon (rotate broker logfiles)
X2Go Session Broker WSGI: /etc/x2go/x2gobroker-wsgi.apache.conf (global implementation, enabled by default) /etc/x2go/x2gobroker-wsgi.apache.vhost (VirtualHost example for the WSGI implementation of X2Go Session Broker) /etc/logrotate.d/x2gobroker-wsgi (rotate WSGI logfile)
X2Go Session Broker Authentication Service: /etc/default/x2gobroker-authservice (enviroment variables, used to set defaults in Python X2Go Session Broker with impact on the authentication service only), /etc/x2go/broker/x2gobroker-authservice-logger.conf (don't touch) /etc/logrotate.d/x2gobroker-authservice (rotate the authentication service's logfile)
If you want to check the broker funtionality with your web browser, please make sure you have enabled the debug mode of the broker. Make sure that before launching the 'x2gobroker
' executable the environment variable X2GOBROKER_DEBUG
is set to 1.
On Debian based systems, this can be done in /etc/defaults/x2gobroker-daemon
or the Apache2-WSGI configuration of X2Go Session Broker in /etc/x2go/x2gobroker-wsgi.apache.*
. Make sure to restart the corresponding service (x2gobroker-daemon resp. apache2) after you have changed either of those config files:
For x2gobroker-daemon
…
$ invoke-rc.d x2gobroker-daemon restart
For Apache2/WSGI/X2Go Session Broker setup…
$ invoke-rc.d apache2 restart
The different backends and frontends can be accessed with this URL pattern:
http(s)://<broker-base-url>/<frontend>/<backend>
Where…
<broker-base-url>
is <hostname>:<port>/<broker-base-path><frontend>
can be either of the available broker WebUI frontends (except the files base.py and extras.py all files here are broker WebUI frontends)<backend>
can be either of the available broker WebUI frontends
Example: http://localhost:8080/plain/zeroconf