General options
--version
Displays xpra's version number.
-h, --help
Displays a summary of command line usage.
-dFILTER1,FILTER2,..., --debug=FILTER1,FILTER2,...
Enable debug logging. The special value all enables all debugging.
--mmap=yes|no|ABSOLUTEFILENAME
Enable or disable memory mapped pixel data transfer. By default it is normally enabled
automatically if the server and the client reside on the same filesystem namespace. This method
of data transfer offers much lower overheads and reduces both CPU consumption and local network
traffic. When attaching, you can also specify an absolute path where the mmap file will be
created.
--mmap-group=GROUP
Sets the mmap file's gid to the group specified, and sets the permissions to 660. This is
necessary to share the mmap file across user accounts. You can also use the special GROUP values:
no Disable the functionality, the mmap file will use the default file permissions and default
group ownership.
SOCKET The group used will be the same one as found on the unix domain socket file the client
connects to. Obviously, this can only work when connecting to unix domain sockets.
auto Will use the 'xpra' group if the user is a member, otherwise it will fall back to the same
behaviour as SOCKET.
--windows=yes|no
Enable or disable the forwarding of windows. This is usually the primary use for xpra and should
be enabled.
--min-size=WIDTHxHEIGHT
Sets the minimum size for all decorated windows.
--max-size=WIDTHxHEIGHT
Sets the maximum size for all windows.
--readonly=yes|no
Read only mode ignores all keyboard and mouse activity.
--clipboard=yes|no|clipboard-type
Enable or disable clipboard synchronization. If disabled on the server, no clients will be able
to use clipboard synchronization at all. If turned off on the client, only this particular
connection will ignore clipboard data from the server. This can also be used to specify a
different clipboard implementation. The clipboard types available will vary from platform to
platform and also depend on build time environment and options so this is best left on auto.
Other clipboard types available may include:
translated
Clipboard which can translate from one type of selection to another
GDK The most complete clipboard implementation, includes full X11 support
default
Fallback clipboard, with limited X11 support
OSX OSX specific clipboard
--clipboard-direction=to-server|to-client|both|disabled
Choose the direction of the clipboard synchronization.
--pulseaudio=yes|no
Enable or disable the starting of a pulseaudio server with the session.
--pulseaudio-command=SERVER-START-COMMAND
Specifies the pulseaudio command to use to start the pulseaudio server, unless disabled with
pulseaudio=no.
--session-name=VALUE
Sets the name of this session. This value may be used in notifications, utilities, tray menu, etc.
Setting this value on the server provides a default value which may be overridden on the client.
--encoding=ENCODING
This specifies the image encoding to use, there are a number of encodings supported: jpeg, png,
png/P, png/L, webp, rgb, vp8, vp9, h264 and h265 (some may not be available in your environment).
The default option is auto which allows the server to select the best encoding automatically.
auto default mode: the built-in heuristics will choose the most appropriate encoding
png compressed and lossless, can be quite slow.
png/P compressed and lossy: it uses a colour palette, which means better compression but still
slow.
png/L compressed and lossy: grayscale only using a palette.
rgb a raw pixel format (lossless) compressed with lz4, lzo or zlib (see compressors) the
compression ratio is lower, but it is by far the fastest encoding available.
webp can be used in lossy or lossless mode, useful for graphical applications, it compresses
better than jpeg and is reasonably fast except at high resolutions.
jpeg can be useful for graphical applications, it is lossy and usually very fast.
vp8 lossy video encoding which always uses colour subsampling. Fast at encoding and decoding.
vp9 Video encoding which supports both lossy and lossless modes, available if your ffmpeg
library version is recent enough.
h264 One of the best encodings available: it is fast, efficient and tunable via the quality and
speed options.
h265 Far too slow at encoding, avoid.
The default encoding which is automatically selected if you do not specify one will depend on what
options are available on both the server and the client: rgb is always available (builtin), jpeg and png
require the Python Imaging Library, vp8, vp9, webp, h264 and h265 all require their respective shared
libraries, as well as the xpra codec that uses them.
Note: when selecting a video encoding (usually h264, vp8 or vp9), it will only be used if the screen is
updating quickly enough, some of the smaller screen updates will also be sent using one of the other non-
video encodings.
--video-scaling=on|off|SCALING
How much automatic video downscaling should be used, from 1 (rarely) to 100 (aggressively), 0 to
disable. Video scaling is normally used with video regions or very large windows (especially full
screen windows) to try to maintain a decent framerate. Video downscaling negatively affects
visual quality and will cause automatic refreshes (if enabled), it is most useful on video content
where it saves a considerable amount of bandwidth.
--socket-dir=DIR
Location where to write and look for the Xpra socket files. The default location varies from
platform to platform ("~/.xpra" on most Posix systems). If unspecified, the first value from
socket-dirs will be used. It may also be specified using the XPRA_SOCKET_DIR environment
variable.
When using the socket-dir option, it is generally necessary to specify socket-dir or socket-dirs
on all following commands, for xpra to work with the open sessions.
By specifying a shared directory this can be coupled with the mmap-group and socket-permissions
option to connect Xpra sessions across user accounts with shared memory acceleration.
--socket-dirs=DIR
Specifies the directories where to look for existing sockets if a specific one was not set using
socket-dir. You may specify each directory using a new --socket-dirs command line argument, or
joined together by the path separator (: on Posix). The paths will be expanded. (ie: --socket-dirs=~/.xpra:/tmp)
--file-transfer=on|off
Enable file transfers.
--open-files=on|off
This option may be used to allow the remote end to automatically open files after they have been
uploaded. This may be a security risk if you are using xpra to constrain what the clients can
execute on the server.
--forward-xdg-open=on|off
Intercept execution of xdg-open and forward the request to the client.
--open-command=COMMAND
The command to use for opening files and URLs.
--bandwidth-limit=BITSPERSECOND
Restrict bandwidth usage to below the limit given. The client's value cannot raise the limit of
the server. The value may be specified using standard units, ie: 1Mbps or 500K. In auto mode,
the client will set the bandwidth limit value to 80% of the maximum speed of the network interface
it is using to connect to the server.
Options for start, start-desktop, upgrade, proxy and shadow
--daemon=yes|no
By default, the xpra server puts itself into the background, i.e. 'daemonizes', and redirects its
output to a log file. This can be used to prevent that behavior (useful mostly for debugging).
--resize-display=yes|no
Resize the virtual display to match the resolution of the client currently connected. This only
applies to the start and start-desktop subcommands.
--fake-xinerama=PATH|auto|no
Specify the path to the libfakeXinerama.so library which will be injected into all the child
processes the server starts using LD_PRELOAD. This can also be disabled or set to auto: the
server will then try to locate the library itself. This only applies to the start subcommand.
--chdir=DIR
Change to this directory after daemonizing.
--uid=UID and --gid=GID
When launching the server as root, these options can be used to drop privileges to the given UID /
GID.
--pidfile=FILENAME
Writes the server process ID to this file on startup. If the file has not been replaced, it will
be deleted when the server exits.
--bind=BIND_LOCATION
Create a local Unix domain socket (on Unix) or named-pipe (on MS Windows) for each bind option
specified.
This option can be specified multiple times to specify multiple socket locations. These sockets
support local connections with the :7-style display address, and remote connections with the
ssh://frodo/7-style display address.
Local sockets may also process HTTP / Websocket connections if the html switch is enabled.
The location can take the form:
none do not create a socket
auto backwards compatible default which uses the current socket-dir
DIRECTORY/
create a socket in the directory specified, if the directory does not exist then it will be
created - you should include the trailing slash to prevent the confusion with the PATH
form:
PATH create the socket using the path specified
--bind-tcp=[HOST]:PORT
Create a TCP socket for each --bind-tcp option specified. If the host portion is omitted, then
127.0.0.1 (localhost) will be used. If you wish to accept connections on all interfaces, pass
0.0.0.0 for the host portion.
Using this switch without using the tcp-auth option is not recommended, and is a major security
risk (especially when passing 0.0.0.0)! Anyone at all may connect to this port and access your
session.
TCP sockets may also process HTTP / Websocket connections if the html switch is enabled. TCP
sockets may also be upgraded to SSL sockets if the ssl switch is enabled.
--bind-udp=[HOST]:PORT
Create a UDP socket for each --bind-udp option specified. If the host portion is omitted, then
127.0.0.1 (localhost) will be used. If you wish to accept connections on all interfaces, pass
0.0.0.0 for the host portion.
Using this switch without using the udp-auth option is not recommended, and is a major security
risk (especially when passing 0.0.0.0)! Anyone at all may connect to this port and access your
session. UDP sessions are trivial to hijack for anyone able to sniff even just a single packet,
it should only be used in very specific use-cases, and never over unsecured networks.
--bind-ws=[HOST]:PORT
Create an HTTP / Websocket listener. See bind-tcp for host restrictions, you should use ws-auth
to secure access.
--bind-wss=[HOST]:PORT
Create an HTTPS / Secure Websocket listener. See bind-tcp for host restrictions, you should use
wss-auth to secure access.
--bind-ssl=[HOST]:PORT
Just like --bind-tcp but for SSL sockets. See ssl-auth and the other SSL options.
--bind-rfb=[HOST]:PORT
Listens for RFB connections on the given port. These sockets are only supported with the start-desktop and shadow modes.
--bind-vsock=CID:PORT
Create a VSOCK socket for each --bind-vsock option specified.
--auth=MODULE[:OPTION=VALUE]
Specifies the authentication module to use for unix domain sockets created using the bind switch.
Authentication modules can validate a username and password against a variety of backend modules:
allow always allows authentication - this is dangerous and should only be used for testing
fail always fails authentication, useful for testing
env matches against the environment variable specified by the name option (which defaults to
XPRA_PASSWORD). ie: --auth=env:name=SOME_OTHER_ENV_VAR_NAME.
password
matches against the password specified using the value option. ie:
--auth=password:value=YOURPASSWORD. Note: this command line option may be exposed to other
processes on the same system.
file checks the password against the password data found in the file specified using the
filename option. ie: --auth=file:filename=./password.txt.
The contents of this file will be treated as binary data, there are no restrictions on
character encodings or file size. Beware of trailing newline characters which will be
included in the password data.
multifile
checks the username and password against the file specified using the filename option. The
file must contain each user's credentials on one line of the form:
username|password|uid|gid|displays|env_opts|session_opts
It is not possible to have usernames or passwords that contain the pipe character | which is
used as delimiter, or newlines and carriage returns. This module is deprecated, sqlite
should be used instead.
sqlite, mysql, sql
checks the username and password against the sqlite database file specified using the
filename option (for the sqlite backend), or the database specified using the uri option
(mysql and sql backends). The authentication will be processed using the following query
(which is configurable using the password_query option):
SELECT password FROM users WHERE username=(?)
The sessions available for each user will be queried using (this is configurable using the
sessions_query option):
SELECT uid,gid,displays,env_options,session_options FROM users WHERE username=(?)
Multiple displays may be specified as a comma separated list.
hosts checks the host using the system's tcp-wrappers library. (Posix only, and not available on
Mac OS) See hosts.allow and hosts.deny for details.
exec Executes the command specified using the command attribute, the arguments to this command
are: a description of the access request and the timeout value. (also configurable) If the
command is not specified, the system will try to locate and use the auth_dialog utility
which is shipped with xpra. The command should return 0 to allow access, any other value
will deny access.
peercred
checks the unix domain socket peer credentials using SO_PEERCRED. This authentication
module is only available on some Posix compliant operating systems. This module will verify
that the operating system provides the uid and gid of the process that initiated the
connection. Access can be restricted by supplying a colon separated list of valid uids and
gids that are allowed to connect. Those id values may be specified using numerical values
or using the usernames / group names. This module is different from the others in that it
will not require the client to supply a username or password, as those are ignored.
Environment variables and pseudo-environment variables may also be used as values, eg:
--auth=peercred:uid=\$UID:fred,gid=xpra.
pam validates the username and password using the PAM system
win32 validates the username and password using Microsoft Windows authentication (only available
on this platform)
sys chooses the appropriate system authentication module automatically (either pam or win32)
kerberos-password
validates the username and password using kerberos authentication. Warning: this module
does not use kerberos tickets and the password will be sent in plain text to the server.
This should only be used for testing.
kerberos-ticket
validates a kerberos ticket obtained by the client.
gss validates a GSS ticket obtained by the client.
u2f requests a U2F token from the client.
ldap validates the username and password against an LDAP server, using the python-ldap library.
ldap3 validates the username and password against an LDAP server, using the python ldap3 library.
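How the peercred module's check can work on Linux, as an added example (not xpra's own code): the kernel reports the connecting process's uid and gid through SO_PEERCRED, and the server compares them with an allow-list written in the uid=...,gid=... form shown above. The function names are hypothetical, and requiring every supplied list to match is an assumption of this sketch, since the page does not state how xpra combines the two lists.

```python
import grp
import os
import pwd
import socket
import struct

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid
UCRED = struct.Struct("iII")


def peer_credentials(sock):
    """Ask the kernel who is on the other end of a connected unix domain socket."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)  # (pid, uid, gid)


def parse_allowlist(options):
    """Turn 'uid=$UID:fred,gid=xpra' into {'uid': {ids}, 'gid': {ids}}."""
    allowed = {}
    for part in filter(None, options.split(",")):
        key, _, values = part.partition("=")
        if key not in ("uid", "gid"):
            raise ValueError(f"unsupported peercred option: {key!r}")
        ids = set()
        for token in filter(None, values.split(":")):
            try:
                if token == "$UID":          # pseudo-environment variable
                    ids.add(os.getuid())
                elif token.isdigit():        # numerical id
                    ids.add(int(token))
                elif key == "uid":           # user name
                    ids.add(pwd.getpwnam(token).pw_uid)
                else:                        # group name
                    ids.add(grp.getgrnam(token).gr_gid)
            except KeyError:
                # Unknown name: it matches nobody, so the check fails closed.
                continue
        allowed[key] = ids
    return allowed


def is_allowed(sock, options=""):
    """True if the peer passes every list that was supplied (assumption of this sketch)."""
    _pid, uid, gid = peer_credentials(sock)
    allowed = parse_allowlist(options)
    uid_ok = "uid" not in allowed or uid in allowed["uid"]
    gid_ok = "gid" not in allowed or gid in allowed["gid"]
    return uid_ok and gid_ok


if __name__ == "__main__":
    # A socketpair stands in for a client connection: both ends are this process.
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    print("peer pid/uid/gid:", peer_credentials(server_end))
    print("allowed with uid=$UID:", is_allowed(server_end, "uid=$UID"))
    server_end.close()
    client_end.close()
```

The client sends no username or password here; everything the check uses comes from the kernel, which is why this module only applies to unix domain sockets.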
--tcp-auth=MODULE
Just like the auth switch, except this one only applies to TCP sockets (sockets defined using the
bind-tcp switch).
--udp-auth=MODULE
Just like the tcp-auth switch, except this one only applies to UDP sockets (sockets defined using
the bind-udp switch).
--ws-auth=MODULE
Just like the auth switch, except this one only applies to ws sockets: sockets defined using the
bind-ws switch, or TCP sockets upgraded to websockets. (if the html option is enabled).
--wss-auth=MODULE
Just like the auth switch, except this one only applies to wss sockets: sockets defined using the
bind-wss switch, ws sockets upgraded to SSL (if the ssl option is enabled) or TCP sockets upgraded
to SSL and then to wss. (if both the ssl and html options are enabled).
--ssl-auth=MODULE
Just like the auth switch, except this one only applies to SSL sockets: sockets defined using the
bind-ssl switch, or TCP sockets upgraded by ssl=auto or ssl=on.
--rfb-auth=MODULE
Authentication module to use for the bind-rfb sockets.
--vsock-auth=MODULE
Just like the auth switch, except this one only applies to VSOCK sockets (sockets defined using
the bind-vsock switch).
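A command-line check for the risks called out in the bind and auth options above, as an added example (not part of xpra): it flags network listeners started without their matching auth option, listeners on 0.0.0.0, UDP listeners, testing-only modules and passwords passed on the command line. The finding codes, function names and sample command lines are constructed for illustration, and the check follows the option pairings as documented here without modelling any fallback between auth options.

```python
import shlex

# Network listener option -> the auth option that covers it (pairings from the text above).
LISTENER_AUTH = {
    "bind-tcp": "tcp-auth",
    "bind-udp": "udp-auth",
    "bind-ws": "ws-auth",
    "bind-wss": "wss-auth",
    "bind-ssl": "ssl-auth",
    "bind-rfb": "rfb-auth",
    "bind-vsock": "vsock-auth",
}
AUTH_OPTIONS = {"auth"} | set(LISTENER_AUTH.values())
# Modules the text marks as testing-only.
RISKY_MODULES = {
    "allow": "always allows authentication",
    "kerberos-password": "password is sent in plain text to the server",
}

# Constructed sample command lines (display number, ports and xterm are made up).
SAMPLE_WEAK = "xpra start :100 --bind-tcp=0.0.0.0:10000 --start=xterm"
SAMPLE_BETTER = ("xpra start :100 --bind-tcp=:10000 "
                 "--tcp-auth=file:filename=./password.txt --start=xterm")


def parse_options(command_line):
    """Return (name, value) pairs for the bind and auth options of a command line."""
    wanted = set(LISTENER_AUTH) | AUTH_OPTIONS
    tokens = shlex.split(command_line)
    pairs = []
    i = 0
    while i < len(tokens):
        token = tokens[i]
        if token.startswith("--"):
            name, sep, value = token[2:].partition("=")
            if name in wanted:
                if not sep and i + 1 < len(tokens):  # "--option value" form
                    i += 1
                    value = tokens[i]
                pairs.append((name, value))
        i += 1
    return pairs


def audit(command_line):
    """Return a sorted list of (code, option, detail) findings."""
    pairs = parse_options(command_line)
    auth_seen = {name for name, _ in pairs if name in AUTH_OPTIONS}
    findings = set()
    for name, value in pairs:
        if name in LISTENER_AUTH:
            needed = LISTENER_AUTH[name]
            if needed not in auth_seen:
                findings.add(("missing-auth", name, f"{value}: no --{needed} given"))
            # [HOST]:PORT, an omitted host means 127.0.0.1
            if name != "bind-vsock" and value.rpartition(":")[0] == "0.0.0.0":
                findings.add(("all-interfaces", name, value))
            if name == "bind-udp":
                findings.add(("udp-listener", name, "sessions can be hijacked by a sniffer"))
        else:
            module, _, options = value.partition(":")
            if module in RISKY_MODULES:
                findings.add(("risky-module", name, f"{module}: {RISKY_MODULES[module]}"))
            if module == "password" and "value=" in options:
                # The password itself is deliberately left out of the finding.
                findings.add(("password-on-cmdline", name, "visible to other local processes"))
    return sorted(findings)


if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_BETTER):
        print(sample)
        for finding in audit(sample) or [("ok", "-", "no findings")]:
            print("   ", *finding)
```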
--challenge-handlers=MODULE:options
Configures which challenge handlers are used by the client and in which order. This option may be
repeated to specify multiple handlers, which can be useful if the server sends more than one
authentication challenge. The default value is: all which corresponds to:
uri,file,env,kerberos,gss,u2f,prompt.
uri Use the password specified on the connection string, if any.
file The filename used to store the password can be specified using the filename option. If
this option is not specified, it will fall back to using the password filename specified
with the password-file switch.
env Use the password specified using the environment variable specified using the name option,
which defaults to XPRA_PASSWORD if unspecified.
kerberos
Requests a kerberos token for the service specified.
gss Requests a gss token for the service specified.
u2f Requests a token from a U2F device.
prompt Prompt the user for the value. Terminal clients prompt using text input, GUI clients use a
dialog.
--min-port=PORT
The minimum port number allowed when creating UDP and TCP sockets. You can use a lower value to
allow unprivileged users to bind to privileged ports when starting sessions via the system wide
proxy server. The default value is 1024 which is the standard value for privileged ports.
--mdns=yes|no
Enable or disable the publication of new sessions via mDNS.
--dbus-launch=COMMAND|no
Start the session within a dbus-launch context, you can specify the dbus launch command to use, or
turn it off completely. Some features may not be available without a dbus context.
--dbus-proxy=yes|no
Allows the client to forward dbus calls to the server.
--dbus-control=yes|no
Start a dbus server which can be used to interact with the server process.
Options for start, start-desktop, upgrade
--exec-wrapper=CMD
A wrapper command which is prepended to all start commands. Typically, this is used for starting
all sub-commands via VirtualGL.
--start=CMD
After starting the server, runs the command CMD using the default shell. The command is run with
its $DISPLAY set to point to the newly-started server. This option may be given multiple times to
start multiple commands.
--start-child=CMD
Identical to --start, except that the commands are taken into account by --exit-with-children.
--start-after-connect=CMD
Wait for the first client to connect before starting the command.
--start-child-after-connect=CMD
Wait for the first client to connect before starting the child command. See start-child.
--start-on-connect=CMD
Execute this command every time a client connects.
--start-child-on-connect=CMD
Execute this child command every time a client connects. See start-child.
--start-on-last-client-exit=CMD
Execute this command every time a client disconnects and there are no other clients left.
--start-child-on-last-client-exit=CMD
Execute this child command every time a client disconnects and there are no other clients left.
See start-child.
--terminate-children=yes|no
On server stop, terminate all the child commands that have been started by the server. This does
not affect server exit. Most child commands are tied to the display so they are normally forced
to shutdown anyway, but this gives them more time to cleanup properly and can be used to stop
background commands that aren't tied to a display.
--exit-with-children=yes|no
This option may only be used if --start-child is also given. If it is given, then the xpra server
will monitor the status of the children started by --start-child, and will automatically terminate
itself when the last of them has exited.
--exit-with-client=yes|no
The server will terminate when the last client disconnects.
--env=KEY=VALUE
Extra environment variables which will only affect commands started using --start or --start-child.
--start-new-commands=yes|no
Allow clients to ask the server to execute new commands. (this can also be used via the control
channel)
--start-via-proxy=yes|no|auto
If enabled, the start and start-desktop subcommands will be delegated to the system wide proxy
server instance. With auto mode, this delegation will only occur if the system wide proxy server
is found.
--systemd-run=yes|no|auto
Wrap server start commands with systemd-run.
--systemd-run-args=ARGS
Command line arguments passed to systemd-run.
--use-display
Use an existing display rather than starting one with xvfb. You are responsible for starting the
display yourself. This can also be used to rescue an existing display whose xpra server instance
crashed or for running xpra against an accelerated X11 server.
--displayfd=FD
The xpra server will write the display number back on this file descriptor as a newline-terminated
string. This is most useful when the display number is not specified with the xpra start or
start-desktop subcommands.
--xvfb=CMD
When starting a seamless server, xpra starts a virtual X server to run the clients on. If your
Xvfb is installed in a funny location, or you want to use some other virtual X server, then this
switch allows you to specify how to run your preferred X server executable. The default value
used depends on your platform. For more information, see: https://xpra.org/Xdummy.html
--sync-xvfb=DELAY
The windows are normally only displayed on the client(s), they are not painted on the virtual
display. Some applications like screen recorders may want to capture the window contents, you can
use this option to enable painting with a configurable delay (in milliseconds). Warning: this
extra painting is expensive and quite slow, which is why it is not enabled by default.
--attach=yes|no|auto
Once the server has started, immediately connect a client to it. With the value auto, a client is
started for remote servers only. (servers specified via a network URI)
Options for start, start-desktop, upgrade, shadow
--tcp-proxy=HOST:PORT
Specifies the address to which non-xpra packets will be forwarded. This can be used to share the
same TCP port with another TCP server, usually a web server. xpra clients will connect as usual,
but any client that does not speak the xpra protocol will be forwarded to the alternative server.
--html=on|off|auto|webrootpath
Respond to HTTP requests on the TCP port(s) and local sockets. This requires at least one TCP or
local socket to be configured using the matching bind option. The auto mode will enable support
if possible. By default the server will provide access to the HTML5 client. You can also specify
your own web root path as argument.
--rfb-upgrade=DELAY
Allows RFB clients (ie: VNC) to connect to a plain TCP socket. If no data is received after DELAY
seconds, the server will send a RFB handshake. This option is only applicable to servers started
in start-desktop or shadow modes.
--video-encoders=ENCODERS
Specifies the video encoders to try to load. By default, all of them are loaded, but one may want
to specify a more restrictive list of encoders. Use the special value 'help' to get a list of
options. Use the value 'none' to not load any video encoders.
--csc-modules=MODULES
Specifies the colourspace conversion modules to try to load. By default, all of them are loaded,
but one may want to specify a more restrictive list of modules. Use the special value 'help' to
get a list of options. Use the value 'none' to not load any colourspace conversion modules.
--socket-permissions=ACCESS-MODE
Specifies the file permissions on the server's unix domain sockets. Defaults to 600. This is
ignored when mmap-group is enabled.
Options for start, start-desktop, upgrade and attach
--encryption=CIPHER
Specifies the cipher to use for securing the connection from prying eyes. This option requires
the use of the --encryption-keyfile option. The only cipher supported at present is AES, if the
client requests encryption it will be used by both the client and server for all communication
after the initial password verification, but only if the server supports this feature too. Note:
this feature has not been extensively reviewed and as it is it should not be considered safe from
determined attackers.
--tcp-encryption=CIPHER
Just like the encryption switch, except this one only applies to TCP sockets (sockets defined
using the bind-tcp switch).
--encryption-keyfile=FILENAME
Specifies the key to use with the encryption cipher specified with --encryption. The client and
server must use the same keyfile contents.
--tcp-encryption-keyfile=FILENAME
Just like the encryption-keyfile switch, except this one only applies to TCP sockets (sockets
defined using the bind-tcp switch).
--idle-timeout=IDLETIMEOUT
The connection will be terminated if there is no user activity (mouse clicks or key presses) for
the given amount of time (in seconds). Use the value 0 to disable this timeout.
--server-idle-timeout=IDLETIMEOUT
The server will exit if there are no active connections for the given amount of time (in seconds).
Use the value 0 to disable this timeout.
--clipboard-filter-file=FILENAME
Name of a file containing regular expressions, any clipboard data that matches one of these
regular expressions will be dropped. Note: at present this only applies to copying from the
machine where this option is used, not to it.
--dpi=VALUE
The 'dots per inch' value that client applications should try to honour. This numeric value
should be in the range 10 to 500 to be useful. Many applications will only read this value when
starting up, so connecting to an existing session started with a different DPI value may not have
the desired effect.
--pixel-depth=VALUE
When starting a server, this switch controls the bits per pixel of the virtual framebuffer.
Possible values: 0 (auto), 16, 24, 30. When starting a client, this switch controls the picture
rendering with the opengl backend: values higher than 24 will enable deep color, the value 24
enables regular true color rendering. Use the value 0 to let the client decide if the rendering
will benefit from using deep color. (this is only supported on some Posix clients) Other values
should not be used.
--cursors=yes|no
Enable or disable forwarding of custom application mouse cursors. Client applications may change
the mouse cursor at any time, which will cause the new cursor's pixels to be sent to the client
each time. This disables the feature.
--notifications=yes|no
Enable or disable forwarding of system notifications. System notifications require the xpra
server to have its own instance of a dbus daemon, if it is missing a warning will be printed on
startup. This switch disables the feature entirely, and avoids the warning.
--input-method=METHOD
Specify which input method to configure. This sets a number of environment variables which should
be honoured by applications started with the start-child option.
The following METHODs are currently supported:
none Disable input methods completely and prevent it from interfering with keyboard input. This
is the default.
keep Keeps the environment unchanged. You are responsible for ensuring it is correct.
xim Enables the X Input Method.
IBus Enables the Intelligent Input Bus.
SCIM Enables the Smart Common Input Method.
uim Enables the Universal Input Method.
Any other value will also be set up, but will trigger a warning.
--xsettings=yes|no
Enable or disable xsettings synchronization. Xsettings are only forwarded from posix clients
connecting to real posix servers (not shadows).
--system-tray=yes|no
Enable or disable forwarding of system tray icons. This feature requires client support and may
not be available on all platforms.
--bell=yes|no
Enable or disable forwarding of the system bell.
--webcam=yes|no
Enable or disable webcam forwarding.
--mousewheel=on|off|invert|invert-x|invert-y|invert-z
Mouse wheel handling: can be used to disable mouse wheel forwarding or to invert some or all axes.
--remote-logging=yes|no|both
Allow the client to forward its log output to the server. The client can specify the value both
to both send it to the server and keep it locally.
--av-sync=yes|no
Enable or disable audio-video synchronization. The video data will be delayed so that it is
displayed in sync with the audio. Note: this only applies to video regions, either auto-detected
via the builtin heuristics or specified using the dbus interface.
Options for attach
--modal-windows=yes|no
Honour modal windows. This may have undesirable side effects when multiple applications are
forwarded through the same xpra server: modal windows will be made modal for all the applications
forwarded by xpra rather than just the one application which owns that window.
--password-file=FILENAME
Supply the password to be used for connecting to a server that uses authentication. See auth, tcp-auth, ssl-auth and vsock-auth for details. Alternatively, you may use the XPRA_PASSWORD
environment variable.
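The file auth module described earlier treats the password file as binary data and includes any trailing newline, so a file written with echo or a text editor holds a different password than the one typed at a prompt. The added example below (not part of xpra) creates a password file without a trailing newline and checks an existing one; the function names and finding codes are hypothetical, and the owner-only permission check is an addition of this example rather than something the page requires.

```python
import os
import secrets
import stat


def write_password_file(path, password=None):
    """Create a new owner-only password file with no trailing newline."""
    if password is None:
        password = secrets.token_urlsafe(32)
    data = password.encode("utf-8")
    if data.endswith((b"\n", b"\r")):
        raise ValueError("password ends with a newline character")
    # O_EXCL refuses to reuse an existing file or follow a symlink left at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return password


def check_password_file(path):
    """Return a list of problem codes for an existing password file."""
    problems = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("loose-permissions")
    with open(path, "rb") as f:
        data = f.read()
    if not data:
        problems.append("empty")
    elif data[-1:] in (b"\n", b"\r"):
        # These bytes are part of the password as far as the file module is concerned.
        problems.append("trailing-newline")
    return problems


if __name__ == "__main__":
    import tempfile

    directory = tempfile.mkdtemp()
    good = os.path.join(directory, "password.txt")
    write_password_file(good)
    print(good, check_password_file(good))
```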
--opengl=(yes|no|auto)[:backend]
Use OpenGL accelerated rendering on the client. The default is to detect if the graphics card and
drivers are supported (auto mode), but one can also disable OpenGL (no) or force it enabled (yes).
On some platforms, it is also possible to specify which backends should be used, only gtk and
native are currently supported and only on X11 platforms. ie: opengl=yes:native, or
opengl=auto:gtk,native.
--webcam=yes|no|/dev/deviceXXX|DEVICEID
Enable or disable webcam forwarding. The webcam device to use can also be specified.
-zLEVEL, --compress=LEVEL
Select the level of compression xpra will use when transmitting data over the network. With the
lz4 and lzo compressors, there are only two possible values: 0 (meaning no compression) and 1
(compression enabled). The zlib compressor supports values between 0 (meaning no compression) and
9, inclusive. It should only be used when lz4 and lzo are not available.
This compression is not used on pixel data (except when using the rgb encoding).
--quality=VALUE
This option sets a fixed image compression quality for lossy encodings (jpeg, webp, h264/h265 and
vp8/vp9). First, one of those lossy encodings must be enabled with --encoding. Values range from
1 (lowest quality, high compression - generally unusable) to 100 (highest quality, low
compression). Specify a value of zero to let the system tune the quality dynamically to achieve
the best bandwidth usage possible. It is usually best not to use this option and use min-quality
instead.
--min-quality=MIN-QUALITY
This option sets the minimum encoding quality allowed when the quality option is set to automatic
mode.
--speed=SPEED
This option sets the encoding speed. Slower compresses more, faster will give better latency.
The system normally uses a variable speed, this option forces a fixed speed setting to be used
instead. It is usually best not to use this option and use min-speed instead.
--min-speed=MIN-SPEED
This option sets the minimum encoding speed allowed when the speed option is set to automatic
mode.
--auto-refresh-delay=DELAY
This option sets a delay after which the windows are automatically refreshed using a lossless
frame. The delay is a floating-point number and is in seconds. This option is enabled by default
with a delay of 0.25 seconds. This option is only relevant when using a lossy encoding.
--shortcut-modifiers=MODIFIERS
Defines the default shortcut modifiers required by the key-shortcuts, these modifiers can then be
referred to as #. The default value is 'auto' which evaluates to Meta+Shift on most platforms.
--key-shortcut=KEY:ACTION
Can be specified multiple times to add multiple key shortcuts. These keys will be caught by the
client and trigger the action specified and the key presses will not be passed on to the server.
The KEY specification may include keyboard modifiers in the form [modifier+]*key, for example:
Shift+F10 or Shift+Control+B. You can refer to the shortcut-modifiers option value using #, ie:
#+F1.
If no shortcuts are defined on the command line, the default builtin list will be used.
Some of the actions may allow arguments (ie: the log action does), in which case they are
specified in the usual programming style syntax: ACTION(ARG1,ARG2,etc)
String arguments must be quoted (both single and double quotes are supported) and numeric
arguments must not be quoted. Beware that the parentheses and quotes must usually be escaped when
used from a shell command line. Example: --key-shortcut=Meta+Shift+F7:log\(\'hello\'\)
The following ACTIONs are currently defined:
quit Disconnect the xpra client.
log("MESSAGE")
Sends MESSAGE to the log.
show_session_info[("TabName")]
Shows the session information window. The optional TabName allows the information tab shown
to be selected. Use the value help to get the list of options.
show_menu
Shows the menu normally found in the system tray.
show_start_new_command
Shows the start new command dialog.
magic_key
Placeholder which can be used by some client toolkits.
void Does not do anything, and can therefore be used to prevent certain key combinations from
ever being sent to the server.
refresh_window
Force the currently focused window to be refreshed.
refresh_all_windows
Force all windows to be refreshed.
toggle_keyboard_grab
The keyboard will be grabbed / ungrabbed by the current window.
toggle_pointer_grab
The pointer will be grabbed and confined to the current window.
toggle_fullscreen
Make the current window fullscreen / unfullscreen.
toggle_debug
Turn debugging on or off.
scaleup
Increase the current value of desktop-scaling.
scaledown
Decrease the current value of desktop-scaling.
scalereset
Reset the desktop-scaling to its original value.
scalingoff
Turn off desktop-scaling.
increase_quality
Increase the min-quality or quality setting (whichever one is currently in use).
decrease_quality
Decrease the min-quality or quality setting (whichever one is currently in use).
increase_speed
Increase the min-speed or speed setting (whichever one is currently in use).
decrease_speed
Decrease the min-speed or speed setting (whichever one is currently in use).
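The shell-escaping caveat and the KEY:ACTION(ARGS) syntax described above, as an added example (not xpra's own parser): it shows what reaches the program after shell quoting and how the shortcut then splits. The function names are hypothetical, and '#' is assumed to expand to Meta+Shift.

```python
import ast
import re
import shlex

# Assumption: 'auto' shortcut modifiers evaluate to Meta+Shift (true on most platforms).
AUTO_MODIFIERS = ("Meta", "Shift")
ACTION_RE = re.compile(r"^(?P<name>\w+)(?:\((?P<args>.*)\))?$")


def shell_argv(command_line):
    """Tokens a POSIX shell passes on after quote and backslash removal.
    shlex models quoting only; a real shell also rejects bare parentheses."""
    return shlex.split(command_line)


def parse_key_shortcut(value, shortcut_modifiers=AUTO_MODIFIERS):
    """Split KEY:ACTION into (modifiers, key, action, args)."""
    keyspec, sep, action_spec = value.partition(":")
    if not (sep and keyspec and action_spec):
        raise ValueError("expected KEY:ACTION, got %r" % value)
    *mods, key = keyspec.split("+")
    modifiers = []
    for mod in mods:
        # '#' stands for the value of the shortcut-modifiers option
        modifiers.extend(shortcut_modifiers if mod == "#" else (mod,))
    match = ACTION_RE.match(action_spec)
    if match is None:
        raise ValueError("malformed action %r" % action_spec)
    args = ()
    if match.group("args"):
        try:
            # Accepts quoted strings and bare numbers; a bare word is rejected.
            args = ast.literal_eval("(" + match.group("args") + ",)")
        except (ValueError, SyntaxError):
            raise ValueError("string arguments must be quoted: %r" % action_spec) from None
        if not all(isinstance(a, (str, int, float)) for a in args):
            raise ValueError("only strings and numbers are allowed: %r" % action_spec)
    return modifiers, key, match.group("name"), args


if __name__ == "__main__":
    # Constructed command lines: the escaped form from the page, then the same
    # text with the backslashes left out.
    for line in (r"xpra attach --key-shortcut=Meta+Shift+F7:log\(\'hello\'\)",
                 "xpra attach --key-shortcut=Meta+Shift+F7:log('hello')"):
        option = shell_argv(line)[-1].split("=", 1)[1]
        try:
            print(option, "->", parse_key_shortcut(option))
        except ValueError as e:
            print(option, "-> rejected:", e)
```

Without the backslashes the quotes are consumed by the shell, so the action arrives as log(hello) and the unquoted string argument is rejected.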
--sharing=yes|no|auto
Sharing allows more than one client to connect to the same session. This must be enabled on both
the server and all co-operating clients to function. When used server-side, the default value
auto allows the clients to decide if they are willing to share the session. When used client-
side, the default value auto evaluates to no. To allow sharing to work with unix domain sockets
(either using local connections or via ssh), you should create at least one socket in a group
accessible directory. On Posix with a default configuration, being a member of the xpra group
should be enough to create a socket in /run/xpra. You must also ensure that the permissions of
this socket file allow group access, see socket-permissions.
--lock=yes|no|auto
Locking allows a client to refuse to hand over the session to a new client. The session may still
be shared with multiple clients (see the sharing option), but otherwise the server will reject new
clients. When used server-side, the default value auto allows the clients to decide if they want
to lock the session. When used client-side, the default value auto evaluates to no.
--keyboard-sync=yes|no
Normally the key presses and key release events are sent to the server as they occur so that the
server can maintain a consistent keyboard state. Disabling synchronization can prevent keys from
repeating unexpectedly on high latency links but it may also disrupt applications which access the
keyboard directly (games, etc.).
--keyboard-raw=yes|no
Tells the server to process all keyboard input untranslated. Both the client and the server must
be using the same type of keyboard interface. (ie: both using X11)
--keyboard-layout=LAYOUTSTRING
The keyboard layout is normally detected automatically. This option overrides it.
--keyboard-layouts=LAYOUTS
The list of keyboard layouts to enable.
--keyboard-variant=VARIANT
Override for the keyboard layout variant.
--keyboard-variants=VARIANTS
Override for the keyboard layout variants.
--keyboard-options=OPTIONS
Override for the keyboard options sent to the server.
--swap-keys=YES|NO
This option only applies to MacOS clients. It swaps the command and control keys and is enabled by
default.
--sound-source=PLUGIN
Specifies the GStreamer sound plugin used for capturing the sound stream. This affects "speaker
forwarding" on the server, and "microphone" forwarding on the client. To get a list of options
use the special value 'help'. It is also possible to specify plugin options using the form:
--sound-source=pulse:device=device.alsa_input.pci-0000_00_14.2.analog-stereo
--speaker=on|off|disabled and --microphone=on|off|disabled|on:DEVICE|off:DEVICE
Sound input and output forwarding support: on will start the forwarding as soon as the connection
is established, off will require the user to enable it via the menu, disabled will prevent it from
being used and the menu entry will be disabled. With microphone forwarding, you may also be able
to specify which device to use.
--speaker-codec=CODEC and --microphone-codec=CODEC
Specify the codec(s) to use for sound output (speaker) or input (microphone). This parameter can
be specified multiple times and the order in which the codecs are specified defines the preferred
codec order. Use the special value 'help' to get a list of options. When unspecified, all the
available codecs are allowed and the first one is used.
--title=VALUE
Sets the text shown as window title. The string supplied can make use of remote metadata
placeholders which will be populated at runtime with the values from the remote server. The
default value used is "@title@ on @client-machine@".
The following placeholders are defined:
@title@
Will be replaced by the remote window's title.
@client-machine@
Will be replaced by the hostname of the system where the application is running, if
provided, the xpra server's hostname otherwise.
@server-machine@
Will be replaced by the hostname of the xpra server.
@server-display@
Will be replaced by the name of the display on which the application is running.
--border=BORDER
Specifies the color and size of the border to draw inside every xpra window. This can be used to
easily distinguish xpra windows running on remote hosts from local windows. The BORDER can be
specified using standard color names (ie: red, or orange) or using the web hexadecimal syntax (ie:
#F00 or #FF8C00). The special color name "auto" will derive the color from the server target
address (the connection string) so that connecting to the same target should always give the same
color. You may also specify the size of the border in pixels, ie: --border=yellow,10.
--window-icon=FILENAME
Path to the default image which will be used for all windows. This icon may be shown in the
window's bar, its iconified state or task switchers. This depends on the operating system and the
window manager, and the application may override this too.
--window-close=ACTION
Choose what action to take when the window is closed by the client. The following actions can be
used:
auto The client will figure out what is best based on the window type. This is the default.
ie: it will use disconnect for shadow sessions, forward for seamless windows.
forward
The event will be forwarded to the server.
ignore Do nothing.
disconnect
Disconnect from the server.
shutdown
Shutdown the server.
--desktop-scaling=off|on|auto|VALUE
Desktop scaling allows the windows to be scaled by the client. Downscaling will mostly waste
bandwidth, upscaling allows the window's pixels to be sent over the wire at a lower resolution,
saving bandwidth and CPU time. This option can also be used to request a specific scaling value.
For best results, use opengl client rendering, the other display backends may show visual
artifacts when scaling. Note: the scaling may also be adjusted at runtime through keyboard
shortcuts if those are configured.
The desktop-scaling value can take the form:
off scaling will be disabled
on scaling will be allowed, but it will start unscaled
auto scaling will be allowed and a scaling value will be automatically chosen if the client's
desktop is large (bigger desktops will use higher scaling values)
scaling-value
scaling will be enabled and use the given value, specified as a number, fraction or
percentage. ie: 2, 3/2 or 150%.
pair the scaling will be enabled and use a different value for the X and Y axis. ie: 3x2 or
3/2x4/3
desktop-size
the scaling will be enabled and the server will render to the given size. ie: 1600x1200
--tray=yes|no
Enable or disable the system tray. Not available on OSX since the dock icon is always
shown.
--delay-tray
Waits for the first window or notification to appear before showing the system tray. (posix only)
--tray-icon=FILENAME
Specifies the icon shown in the dock/tray. By default it uses a simple default 'xpra' icon. (On
Microsoft Windows, the icon must be in ico format.)
--enable-pings
The client and server will exchange ping and echo packets which are used to gather latency
statistics. Those statistics can be seen using the xpra info command.
Options for attach, stop, info, screenshot, version
--ssh=CMD
When you use an ssh: address to connect to a remote display, xpra runs ssh(1) to make the
underlying connection. By default, it does this by running the command "ssh". If your ssh program
is in an unusual location, has an unusual name, or you want to pass special options to change
ssh's behavior, then you can use the --ssh switch to tell xpra how to run ssh.
For example, if you want to use arcfour encryption, then you should run
xpra attach --ssh="ssh -c arcfour" ssh://frodo/7
Note: Don't bother to enable ssh compression; this is redundant with xpra's own compression, and
will just waste your CPU. See also xpra's --compress switch.
On MS Windows, where backslashes are used to separate path elements and where spaces are often
used as part of paths, you need to add quotes around paths. (ie: ssh="C:\Program Files\Xpra\Plink.exe" -ssh -agent)
--exit-ssh=yes|no
Choose whether the SSH client process should be forcibly terminated when xpra disconnects from the
server. If you are using SSH connection sharing, you may want to avoid stopping the SSH master
process instance spawned by xpra as it may be used by other SSH sessions. Note: exit-ssh=no
detaches the SSH process from the terminal, which prevents the SSH process from interacting with
the terminal input; this disables the keyboard interaction required for password input, host key
verification, etc.
--remote-xpra=CMD
When connecting to a remote server over ssh, xpra needs to be able to find and run the xpra
executable on the remote host. If this executable is in a non-standard location, or requires
special environment variables to be set before it can run, then accomplishing this may be non-
trivial. If running xpra attach ssh:something fails because it cannot find the remote xpra, then
you can use this option to specify how to run xpra on the remote host.
That said, this option should not be needed in normal usage, as xpra tries quite hard to work
around the above problems. If you find yourself needing it often, then that may indicate a bug
that we would appreciate hearing about.
SSL Options
--ssl=on|auto|off|tcp|www
Whether to enable SSL on TCP sockets and for what purpose. The TCP sockets will automatically be
upgraded to SSL when SSL packets are received.
auto The server will try to guess what protocol to use for each new SSL connection: either
xpra's native protocol or https / websocket (wss)
tcp The SSL sockets will only be used for xpra's native protocol
www The SSL sockets will only be used for https and websocket (wss)
If SSL is enabled, then a ssl-cert is required. Authentication, if required, will use the ssl-auth
module specified, and fallback to tcp-auth or auth unless the value none is specified.
The remaining options mirror the Python ssl module attributes. Please refer to that documentation and
bear in mind that configuring SSL for security is not trivial, and definitely not just a matter of
enabling SSL. See: https://docs.python.org/2/library/ssl.html Some options may not be available with
older versions of Python.
Summary:
--ssl-key=KEYFILE
The key file to use.
--ssl-cert=CERTFILEORDIR
Certificate file, required for server SSL support.
--ssl-protocol=PROTOCOLVERSION
Specifies which version of the SSL protocol to use.
--ssl-ca-certs=CACERTSFILE
The ca_certs file contains a set of concatenated 'certification authority' certificates. If a
directory is specified, it should contain the certificates.
--ssl-ca-data=CERTDATA
Certificate data.
--ssl-ciphers=CIPHERS
Sets the available ciphers, it should be a string in the OpenSSL cipher list format.
--ssl-client-verify-mode=none|optional|required
Whether to try to verify the client's certificates and how to behave if verification fails.
--ssl-server-verify-mode=none|optional|required
Whether to try to verify the server's certificates and how to behave if verification fails.
--ssl-verify-flags=FLAGS
The flags for certificate verification operations.
--ssl-check-hostname=yes|no
Whether to match the peer cert's hostname.
--ssl-options=options
Set of SSL options enabled on this context.
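How the verify-mode, check-hostname and ciphers settings behave once mapped onto the Python ssl module they mirror, as an added example (not xpra's own code). The helper names are hypothetical and only the client side is modelled.

```python
import ssl

VERIFY_MODES = {"none": ssl.CERT_NONE,
                "optional": ssl.CERT_OPTIONAL,
                "required": ssl.CERT_REQUIRED}


def build_client_context(server_verify_mode="required", check_hostname=True, ciphers=None):
    """Apply values shaped like --ssl-server-verify-mode, --ssl-check-hostname
    and --ssl-ciphers to a client SSLContext (hypothetical helper)."""
    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED and hostname checking on.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Hostname checking is set first: Python raises ValueError when asked for
    # CERT_NONE while check_hostname is still enabled.
    ctx.check_hostname = check_hostname
    ctx.verify_mode = VERIFY_MODES[server_verify_mode]
    if ciphers:
        ctx.set_ciphers(ciphers)  # OpenSSL cipher list format; SSLError if nothing matches
    return ctx


def weaknesses(ctx):
    """List what a client context leaves unauthenticated."""
    found = []
    if ctx.verify_mode == ssl.CERT_NONE:
        found.append("server certificate not verified")
    if not ctx.check_hostname:
        found.append("certificate hostname not checked")
    return found


if __name__ == "__main__":
    # Constructed option combinations, strictest first.
    for mode, hostname in (("required", True), ("required", False),
                           ("none", False), ("none", True)):
        try:
            ctx = build_client_context(mode, hostname, "ECDHE+AESGCM")
            print(mode, hostname, "->", weaknesses(ctx) or "ok")
        except ValueError as e:
            print(mode, hostname, "-> refused:", e)
```

In client mode Python treats optional the same as required, so only none removes certificate verification; required with the hostname check off still accepts any certificate that chains to a trusted CA.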
ENVIRONMENT
DISPLAY
xpra start --start-child=... sets this variable in the environment of the child to point to the
xpra display.
xpra attach, on the other hand, uses this variable to determine which display the remote
applications should be shown on.
XPRA_PASSWORD
may be used with xpra attach instead of the password-file option.