Voyageur's corner

To content | To menu | To search

Friday 26 April 2013

Backporting Apache support for websockets reverse proxy (aka getting GateOne to work behind Apache)

Recently, I have been toying around with GateOne, a web-based SSH client/terminal emulator. However, installing it on my server proved to be a bit challenging: it requires tornado as a webserver, and uses websockets, while I have an Apache 2.2 instance already running with a few sites on it (and my authentication system configured for my tastes)

So, I looked how to configure a reverse proxy for GateOne, but websockets were not officially supported by Apache... until recently! Jim Jagielski added the proxy_wstunnel module in trunk a few weeks ago. From what I have seen on the mailing list, backporting to 2.4 is easy to do (and was suggested as an official backport), but 2.2 required a few additional changes to the original patch (and current upstream trunk).

A few fixes later, I got a working patch (based on Apache 2.2.24), available here:

Recompile with this patch, and you will get a nice and shiny module file!

Now just load it (in /etc/apache2/httpd.conf in Gentoo):
<IfDefine PROXY>
LoadModule proxy_wstunnel_module modules/

and add a location pointing to your GateOne installation:

<Location /gateone/ws>
    ProxyPass wss://
    ProxyPassReverse wss://

<Location /gateone>
    Order deny,allow
    Deny from all
    Allow from #your favorite rule


Reload Apache, and you now have Gateone running behind your Apache server :) If it does not work, first check GateOne log and configuration, especially the "origins" variable

For other websocket applications, Jim Jagielski comments here :

ProxyPass /whatever ws://websocket-srvr.example/com/

Basically, the new submodule adds the 'ws' and 'wss' scheme to the allowed protocols between the client and the backend, so you tell Apache that you'll be talking 'ws' with the backend (same as ajp://whatever sez that httpd will be talking ajp to the backend).

Update 1: a user-friendly howto on how to apply this patch on Ubuntu is now available here

Wednesday 9 December 2009

chromium (the web browser) on Gentoo FAQ

As you've probably already heard from one of your favourite sites (slashdot, phoronix, ...), Google has just released the first beta-quality version of Google Chrome for Linux. I figured this was as good a time as another to collect and answers a few questions frequently asked on it, or rather on chromium which is the open-source version available in portage

  • What's the difference between Google Chrome and Chromium? Well, chromium web site has a nice page summing it up here. So emerging chromium will get you a browser very close to Google Chrome, except the log and a few Google specific report links (the sandbox is enabled in gentoo chromium)
  • Why does it depend on ffmpeg (and a recent version of it)? For HTML5 audio/video tags support. There is now a USE-flag to disable this dependency if you are on a stable system and do not need this
  • Where do the source tarballs come from? Are they official ones? I create them manually, based on the SVN dependencies listed for each revision here. And it does take some time (checking out their huge tree, trying to get rid of as much bundled sourcecode as possible, ...) For now, I track the developer releases, but may switch to beta releases some time. Especially now that upstream is finally considering making source tarballs available :) Bug report is here. There is also another bugreport interested people can track, number 28287, which lists all bugs that would make our life easier, "our" as in distrib packagers, read this recent rant by the Fedora packager for chromium. Also interesting to read is Evan's answer, digging into what is exactly there in the 3rd party folder.
  • I want to debug/run gdb on it: again the chromium wiki has a nice page on it. The usual recommendations apply of course
  • Will google-chrome-bin get in the tree? This is bug #272805. Right now we have chromium-bin, installed from snapshots generated by chromium test farms, with SVN revisions close to the from-source packages. Right now I don't see a lot of benefits between chromium-bin and official google-chrome (except a shiny logo?), but if that changes I'll probably add it to tree (in addition to/replacing chromium-bin). Or if another dev decides to add it ;)

So that's it for the first round of questions, add yours in comments if it's still unanswered ;)

Wednesday 9 September 2009

neatx and chromium in portage status updates

Yesterday, I finally found the bug which prevented neatx from working on my system (thanks upstream for the debugging), so in your next portage sync, you'll find net-misc/neatx-0.3.1_p43 ready for your testing! If you don't need vnc/sound/printer tunneling or load-balancing, neatx is easier to set up than freenx and works great out-of-the-box. Thanks again to Mike Auty (ikelos) for his work on the ebuild.

Another work-in-progress for me these days is a source ebuild for chromium (open-source version of Google Chrome). A binary version (chromium-bin) has been available in portage for some time now (with amd64 support added recently), but source version ebuild had some problems. Now my current version (available in my overlay for the curious) has fixed most of them, including use of system libraries, makefiles use instead of scons, --as-needed support, ... So why is it not yet in portage? Well, for now the tarballs from upstream are not yet available, so you won't go past the fetch phase ;) These should be available soon, once available you can expect chromium to quickly land in a portage tree near you.

By the way, if chromium crashes at startup for you (either binary or source version), they finally found the cause: you are probably using nvidia-drivers and nvidia opengl (via eselect opengl). However the from nvidia overrides dlsym/dlopen (dynamic linker functions) with broken replacements, breaking applications relying on these functions! Chromium devs implemented a workaround, available for -bin in versions >=, but expect some breakage in time-related functions. All the gory details are here:

And now to change a bit from technical talks, I wanted to say a big "thank you" to all of you Gentoo users who spend time filing bugreports, fixing, writing or rewriting ebuilds, debugging and finding the cause for all sorts of bugs (finding that some dynamic linkers break with specific video cards for example...), in short to all of you who work to make your distro a better one! And recently, a special thanks to Bernd Lommerzheim, who helps me a lot in proftpd maintenance, up to providing an entirely new ebuild for latest version, with lots of fixes and new features.

Friday 17 July 2009

Yet another open-source NX server!

In my last post about FreeNX future, I had mentioned the efforts on a freenx-redesign branch, which seemed to have stalled.

Well, trust the guys at Google that worked on this redesign, they did not give up, and in fact publicly announced the first public release of neatx, the result of the redesign work. While still missing some of the features available in FreeNX, it does already have some original ones, like the drop-down menu for session control in rootless sessions (which is something I use a LOT when running pidgin remotely from home :) ). I'll make sure to prepare an ebuild (in your favourite NX overlay first as usual) when they tag a new version (first released one has some bugs that were quickly found).

Now, you may be lost between the multiple servers (including the dead ones), considering I never blogged about tacix, a remote server using NX, but with a different approach from the 'official' NoMachine way (with the specifix 'nx' user, ...), making heavy use of dbus, and with its own client. For now, it's still in the early versions, but it has potential!

So which server will you install on your (Gentoo, but other work of course) system? Here are the 'active' ones:

  • Official NX server (net-misc/nxserver-freeedition in portage), closed-source, limited to 2 concurrent sessions, but has all the features. If you want to quickly try NX!
  • FreeNX (net-misc/nxserver-freenx in portage), oldest and most complete open-source version, but its development stalled. The last ebuilds in tree use the branch from the Ubuntu folks, which fixes a few bugs compared to the last upstream source. If you want a stable open-source version
  • X2GO (net-misc/x2goserver and x2goclient in portage, some extended parts are still in the NX overlay). Maturing fast, and worth a try. This one is brought to you thanks to Joachim Langenbach, who does most of the work on the x2go* ebuilds :)

And in the future:

  • tacix, for its simpler architecture (think x2go without postgresql,ldap and friends).
  • neatx, which I hope will provide a suitable replacement for freenx soon

Wednesday 4 March 2009

Incoming gnustep-make parallel support

When I add gnustep-make-2.2.0 to portage, repoman (our QA and commit tool) will at last be happy, as from this version, it won't be necessary to force -j1 make flag! This will also allow parallel make for all gnustep packages in our tree(as the gnustep eclass forces -j1). No need to sync again and again your portage tree, this version is not yet released ;) Original announcement is here

Some other entries on my gentoo/gnustep TODO list: the Etoile packages in the gnustep overlay need some cleanup (some keywords should be dropped for example Melodie player, maybe bump llvm to 2.5, but I hope some other dev will look into it before me), and updates when 0.4.2 will be released, gnustep packages, fix AC_CANONICAL_TARGET usage found in most of gnustep-base packages (thanks Flameeyes for finding more work for us ;) ), and filter -Werror in some of our packages (helps when switching to newer GCC for example),

FreeNX future

Hum, it's been some time since I last blogged on these Gentoo packages I handle! Let's catch up a bit!

There is a thread running on freenx mailing list about current lack of new commits in freenx SVN. Main developer seems to be MIA (after starting a migration to github) and freenx as it is needs to be rewritten from scratch anyway (some work had been done in a freenx-redesign branch, but it seems abandoned too now). Of course, the ideal thing would be to finally get NX natively in, but that's not for the close future

So where does this leave us? Debian/Ubuntu packagers have created a freenx team, and manage a bzr tree with more and more fixes and updates (like shadowing local X sessions and stubs for guest sessions). Once I've figured out how to "tag" gentoo versions from it, this will probably be the new source for freenx packages (at least until upstream resumes development)

And if you want to try an alternative GPL server, remember to try x2go from the NX overlay ;) I have not added them to main portage tree yet, but hope to do so real soon (tm)

Thursday 18 December 2008

X2go ebuilds status update

In a previous post, I spoke about new ebuilds for X2go client and server, a GPL remote desktop solution that's based on NX technology, but in a different way compared to nxserver. With lots of help from Joachim Langenbach in bug #249600, I'm glad to say now that ebuilds in the NX overlay for both client and server work fine, and will probably moved to portage soon (ldap management ebuilds will probably wait a bit longer in the overlay, as I cannot test them for now).

For pros and cons, X2go does not need a special "nx" user on the server, you can use your ssh private key (as you log in directly as your real user), both client and server are GPL are not limited in number of connections, remote mounting of directories is easy (via sshfs/fuse), administration of the server can be done via kde control panel elements (including ldap accounts, if you use it). However x2go requires a running postgresql database on the server, does not support VNC/rdesktop proxying or shadow sessions, and some of the nice advanced features seem reserved to dedicated thin clients setups (like saving your session on a usb key, ...).

Anyway, if you're curious to try it, 'layman -a nx' and then emerge either x2goclient or x2goserver depending on which computer you are ;)

Thursday 4 December 2008

NX servers and clients, old and new

Nomachine recently released a new major version (3.3.0), which did not introduce many new features, but fixed some bugs (some keys did not work here on my french keyboard for example), and generally feels "snappier" (in my opinion of course, test and check it for yourself ;) ). It is available in portage for both free server edition (binary only, 2 concurrent connections), and for freenx (open-source, no connections limit).

For some time an alternative client/server from 2X has been available in portage, as net-misc/nxclient-2xterminalserver and net-misc/nxserver-2xterminalserver. Based on old NX 1.5, it provided both a GPL client (missing the > 2.0.0 NX features though) and a working server close to Nomachine one. However it never really got any updates since it was made available. Upstream closed down the website, the client needs fixes for gcc 4.3 and --as-needed, does not work well with current NX servers, the server is still based on old NX code (and is probably vulnerable to some xorg security issuse), so this is last rites time for both of them. They will still be available in the NX overlay if you need them.

Open-source alternatives are availble in portage: net-misc/qtnx for client, net-misc/nxserver-freenx for server.

Now I promised to talk about newer NX systems right? A new bug report was recently opened on x2go, a "server based computing environment" which uses NX technology but is not a clone of current nxclient/nxserver. Nice thing is everything is open-source, including the client (ebuild for it already works). Now some work is needed before there is a x2goserver package in portage, but that will certainly make a nice alternative to current NX servers available. If you already use it, don't hesitate to come and comment on the bug!

Note to myself: I really need to write some documentation on all of these one day...

Monday 3 November 2008

Etoile 0.4 - coming soon! Window Maker 0.92.1 too :)

If you wander by the Etoile web site, you'll see that Etoile 0.4 is right around the corner! Initial mail for this version detailed that "the focus for 0.4 will be frameworks, developer tools, example apps, and documentation". So the "stable" packages list will be shorter than old 0.2 release. But don't despair, you'll still get updated packages, including camaelon (GNUstep theming engine)

As for ebuilds availability... I'll update the ebuilds already in portage soon after the official release (camaelon, popplerkit, ...). The Etoile ebuilds in the gnustep overlay will come later (first cause of delay will be additional requirement on LLVM, which is not in portage for now)

On the releases news front, the guys behind the Window Maker revival have made some progress too: a Mercurial repository is up, people chat on #windowmaker (Freenode), and a new bugfix release should come quickly (this will clean up the patchet currently in use in the ebuild!). After that, new features? We'll see!

Sunday 6 July 2008

SOGo now available in the GNUstep overlay, Window Maker revival?

IF you want to try another groupware server, I finally made up ebuilds for Scalable, SOGo for short. These are available in the GNUstep overlay for now (it seems to work fine, but I lack the full server installation needed to completely test it, mostly an IMAP server with LDAP backend).

From the SOGO folks:

SOGo is a free and modern scalable groupware server. It offers shared calendars, address books and emails through your favorite Web browser or by using a native client such as Mozilla Thunderbird and Lightning. SOGo is standard-compliant and supports CalDAV, CardDAV, GroupDAV and reuses existing IMAP, SMTP and database servers - making the solution easy to deploy and interoperable with many applications.

For the curious, a demo web site is running here. Feedback appreciated of course if you try it on Gentoo

On other news, I noticed that the Window Maker web site is back up, stating: Back Online posted on 2008-06-30 09:04:16 by kairi has been brought online as of early July, 2008. We are currently working on reimplementing the site in a more modern, safe fashion, while at the same time restoring all services required for development and communication. With that said, we are working very hard to revitalize Window Maker's presence on X Window (and perhaps beyond) desktops. With this new focus, we can now truly assert that Window Maker will be resuming active development very soon. We expect to once again provide the de-facto minimalist yet extremely functional window manager to the world.

This has been my main window manager since... well a loooong time, I'm crossing fingers and hoping it will really come back from the dead projects world!

Oh, and if you did not get the news, 2008.0 is here! Thanks release engineering team members

I almost forgot: congratulations to the new Council members, both veterans and newcomers!

- page 1 of 4