The branch, build-main has been updated via fd4ae726f53e4ee701e987e31c73079797670b71 (commit) from 18b8b460391374b141283e004a826d6ef51e61c0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: etc/broker/x2gobroker-sessionprofiles.conf | 66 ++++++++++++++++++---------- 1 file changed, 42 insertions(+), 24 deletions(-) The diff of changes is: diff --git a/etc/broker/x2gobroker-sessionprofiles.conf b/etc/broker/x2gobroker-sessionprofiles.conf index d797697..f3b4e8b 100644 --- a/etc/broker/x2gobroker-sessionprofiles.conf +++ b/etc/broker/x2gobroker-sessionprofiles.conf @@ -1,11 +1,12 @@ ### X2Go Broker Session Profiles - ADAPT TO YOUR NEEDS ### -# This whole file reflects a set of examplary X2Go session profiles being provided -# via the X2Go Session Broker (backend: iniconf). +# This whole file reflects a set of examplary X2Go session profiles being +# provided via the X2Go Session Broker (backend: iniconf). -# This whole file could be the broker setup in some university institute that runs -# three server pools (pool-A, pool-B and pool-C). Though most univerities have -# real IPv4 internet addresses, we use private subnets in the examples below. +# This whole file could be the broker setup in some university institute that +# runs three server pools (pool-A, pool-B and pool-C). Though most univerities +# have real IPv4 internet addresses, we use private subnets in the examples +# below. # The X2Go Session Broker is served into the institutes local intranet, the # broker cannot be reached from the internet directly. 
@@ -13,14 +14,18 @@ # The first section [DEFAULTS] provides a set of default profile settings that # are common to all session profiles given in sections below. -# The other section names can be freely chosen, however, each section name has to -# be unique within this file. +# The other section names can be freely chosen, however, each section name has +# to be unique within this file. -# IMPORTANT: in the session profiles below you will find some lines starting with -# acl-... These lines do neither protect the X2Go Session Broker nor your X2Go Servers. -# For protecting the broker use iptables and ip6tables. For protecting your X2Go Servers -# use iptable+ip6tables and a tightened PAM configuration (e.g. pam_access.so). Securing -# X2Go Servers means securing the SSH daemon that runs on the X2Go Server. +# IMPORTANT: in the session profiles below you will find some lines starting +# with acl-... These lines do neither protect the X2Go Session Broker nor +# your X2Go Servers. They simply allow for selective session profile provision +# based on client address, user name and group memberships. +# +# For protecting the broker use iptables and ip6tables. For protecting your +# X2Go Servers use iptable+ip6tables and a tightened PAM configuration (e.g. +# pam_access.so). Securing X2Go Servers means securing the SSH daemon that +# runs on the X2Go Server. [DEFAULT] 
@@ -55,19 +60,26 @@ sshport=22 setdpi=0 pack=16m-jpeg +### EXAMPLES: Below you find some config examples. Adapt them to your needs or +### simply write your own session profiles and remove the examples below. + ## -## pool-A (staff servers) +## EXAMPLE: pool-A (staff servers) ## ## The pool-A contains three X2Go Servers (server-A, server-B and server-C). -## The staff of our example institute falls into two groups of users: gnome-users and kde-users. -## The gnome-users log into server-A or server-B, depending on their client subnet (IP configuration of the client). -## The kde-users login to server-C (server-C can be reached from the whole intranet). +## The staff of our example institute falls into two groups of users: +## gnome-users and kde-users. +## The gnome-users log into server-A or server-B, depending on their client +## subnet (IP configuration of the client). +## The kde-users login to server-C (server-C can be reached from the whole +## intranet). ## -## The split-up of the GNOME users allows some primitive load balancing. +## The client IP based split-up of the GNOME users allows some primitive load +## balancing. ## -## If staff people are members of both groups (kde-users, gnome-users) both session profiles will be -## shown in X2Go Client. +## If staff people are members of both groups (kde-users, gnome-users) both +## session profiles will be shown in X2Go Client. ## [pool-A-server-A] @@ -102,7 +114,7 @@ acl-groups-deny=ALL acl-any-order=deny-allow ## -## pool-B (e.g. webserver in the DMZ or on the internet) +## EXAMPLE: pool-B (e.g. webserver in the DMZ or on the internet) ## ## The pool-B is a single X2Go Server (server-D) that is ## hosted externally. The server-D has an official internet IP. 
@@ -127,7 +139,7 @@ acl-clients-allow=admin-machine1.domain.local, admin-machine2.domain.local, admi acl-any-order=deny-allow ## -## pool-C +## EXAMPLE: pool-C (REAL LOAD BALANCING!!!) ## ## The pool-C is a server pool for students. Our example institute ## knows 200-300 students and has to offer working places for @@ -137,13 +149,19 @@ acl-any-order=deny-allow ## normally stay away from these machines, anyway. Only two test account ## get this session profile into their X2Go Clients. ## -## The pool-C contains 6 X2Go Servers that serve all students users together as a load balance -## server farm. +## The pool-C contains 6 X2Go Servers that serve all students users together +## as a load balance server farm. +## +## Make sure to install x2gobroker-agent on all these 6 X2Go Servers. Also make +## sure to once run the script x2gobroker-keygen on the broker host and once +## the script x2gobroker-pubkeyauthorizer per X2Go Server. +## +## All 6 X2Go Servers have to be configured to use the PostgreSQL X2Go session +## DB backend. ## [pool-C-XFCE] user= -# no load balancing support, yet host=s-E1.pool-c.domain.local,s-E2.pool-c.domain.local,s-E3.pool-c.domain.local,s-E4.pool-c.domain.local,s-E5.pool-c.domain.local,s-E6.pool-c.domain.local name=XFCE - pool-C command=XFCE hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).
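Review bot: In the @@ -1,11 +1,12 @@ hunk the re-wrapped comment lines keep the misspellings "examplary" and "univerities"; since these lines are being rewritten anyway, correct them to "exemplary" and "universities" in the same commit. The unchanged context line "served into the institutes local intranet" is also missing an apostrophe ("institute's").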
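Review bot: The IMPORTANT block in the @@ -13,14 +14,18 @@ hunk now says what the acl-... lines are for, but it still leaves the reason they are not a protection implicit. One more sentence would close that gap: the ACLs only decide which profiles the broker hands out, so a server named in a withheld profile remains reachable by anyone who can reach its SSH daemon. Two wording points in the same block: "iptable+ip6tables" should match the "iptables and ip6tables" used one sentence earlier, and "do neither protect ... nor" reads better as "protect neither ... nor".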
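Review bot: The new "### EXAMPLES" banner in the @@ -55,19 +60,26 @@ hunk asks the admin to remove the examples, but the sections that follow it (for instance [pool-A-server-A]) are uncommented, so if this file is installed as shipped they remain active session profiles until someone edits it. Either ship the example sections commented out, or state in the banner that they are live as delivered and must be removed or adapted before the broker goes into service.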
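Review bot: The heading "EXAMPLE: pool-C (REAL LOAD BALANCING!!!)" in the @@ -127,7 +139,7 @@ hunk breaks the style of the pool-A and pool-B headings, which describe the pool in plain lower case. A heading such as "EXAMPLE: pool-C (load-balanced server farm)" would fit, and the contrast with the "primitive load balancing" of pool-A is better made in the descriptive text than with capitals and exclamation marks.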
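Review bot: The prerequisites added in the @@ -137,13 +149,19 @@ hunk name x2gobroker-keygen and x2gobroker-pubkeyauthorizer without saying which account runs them or what access the resulting key gives the broker on each X2Go Server. An admin needs that to decide how to protect the private key on the broker host, so add a line on it or point to the documentation that covers it. Also, with "# no load balancing support, yet" removed, nothing in the visible [pool-C-XFCE] lines marks host= as a load-balanced list; a short replacement comment above host= saying that the broker selects one of the listed servers would keep the section self-explanatory. "all students users" should be "all student users".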