X2Go's HTML client makes use of HTML5, JavaScript, and WebSockets to provide graphical access to a remote host with no client-side requirements other than a modern browser. The x2gohtmlclient package, served by a web server, provides the JavaScript front-end. X2gohtmlclient works with the x2gowebrpc and x2gowswrapper packages, which run on the server. Aside from the aforementioned X2Go packages, the server-side requirements include

• a web server,
• minify,
• Qt 5 and Qt 5 X11 Extras,
• the CGI, JSON, Encode, Expect, and File::Touch Perl modules, and
• python-websockify.

X2Go provides instructions for configuring the NGINX web server, but you can substitute another server if you prefer. Your operating system distribution likely provides packages containing the dependencies not provided by X2Go.

Client HTML page. This page can be modified or embedded in existing webpage. It has two modes: native client and embedded client. User can use native client if recent version of X2Go client is installed on the system. In this case, the page will generate x2go session file, which will be automatically opened with x2go client. Second mode is to use embedded HTML Client (only supports X2GoKdrive). The HTML page provides user input for the next settings:

X2Go Server address
Username
Password
Command to execute (KDE, GNOME, ICEWM, etc)
SSH Proxy (if not specified no proxy will be used)
Proxy login
Proxy password

The HTML page can be modified to predefine one or more of this settings. Important functions inside of this page should be defined:

function getServer()
function getUname()
function getPass()
function getCommand()
function getName()
function getProxy()
function getProxyUser()
function getProxyPass()

The HTML Page to run X2Go client in separate window. By default the session's window is embedded in the start page. User can “detach” the session to separate window using “new window” button. After that session will be shown in the separate window and can be resized, opened in full screen, etc.

WEB styles for HTML pages

Image resources

Communication between HTML page and X2Go HTML Client

Communication between X2Go RPC script and X2Go HTML Client

X2GoKdrive JS client

CGI script for communication between HTML Client and X2Go server. It connects to X2Go server using ssh, starts/resuming sessions, opens SSH tunnels, etc

The application that is connecting TCP sockets of X2GoKdrive agent with web sockets for HTML Client.

We describe how to configure NGINX and fcgiwrap, but you can substitute any web server that provides the needed features.

/etc/nginx/sites-available/<your host>-ssl:

server {
  listen 443 ssl;
  server_name your_host;
  ssl_certificate "/etc/pki/nginx/server.crt";
  ssl_certificate_key "/etc/pki/nginx/private/server.key";
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers off;
  ssl_session_timeout 5m;
  ssl_session_cache builtin:1000  shared:SSL:10m;
  ssl_session_tickets off;
  root /var/www/html;
  proxy_read_timeout 300;

  location /assets/ {
    add_header Strict-Transport-Security "max-age=31536000";
    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: blob: ws: wss:; script-src 'self' 'unsafe-inline'";
    add_header Feature-Policy "vibrate 'none' ; microphone 'none' ; camera 'none' ; gyroscope 'none' ; magnetometer 'none' ; geolocation 'none' ; midi 'self' ; notifications 'self' ; push 'self' ; sync-xhr 'self'";
    add_header Referrer-Policy "same-origin";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "SAMEORIGIN";
  }

  location ~* \.(pl|cgi)$ {
    gzip off;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass  unix:/var/run/fcgiwrap.socket;
  }

  location ~ ^/x2gows/(.*)$ {
    proxy_pass       https://127.0.0.1:$1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_intercept_errors on;
    proxy_redirect off;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-NginX-Proxy true;
    proxy_ssl_session_reuse off;
  }
}

Run ./minify.sh to combine x2gohtmlclient's JavaScript classes and remove the whitespace from the result. The output will be dist/x2gokdriveclient.min.js, and you should copy this file to $WEBROOT/assets/js/.

The other assets should be installed as follows:

• Place index.html in $WEBROOT/assets/css/.
• Place css/* in $WEBROOT/assets/css/.
• Place img/*/*/* in $WEBROOT/assets/img/.

Copy x2gorpc.cgi to $WEBROOT/assets/rpc/.

Build x2gowswrapper using qmake:

$ qmake-qt5 && make

Install the resulting program named x2gowswrapper to /usr/sbin/.

Create the directory /var/log/x2gows, and ensure the web server's user can create and modify files therein.

Create the file named /etc/x2go/x2gows/x2gows.options that contains the following:

ws_proto=wss
ssl_cert=/etc/pki/nginx/server.crt
ssl_key=/etc/pki/nginx/private/server.key
ssl_only=true
log_dir=/var/log/x2gows

Ensure the values of ssl_cert and ssl_key match the corresponding values in NGINX's configuration, and ensure the user running NGINX can read the files at both paths as well as the configuration file itself.