Replace Websockets with Quic (Xpra)

[MoritzWeber0]

Xpra-org/xpra-html5#143 (comment)

[zusorio]

I looked into this a bit and I don't think it's feasible in our current state unfortunately. The main problems are:

• No reverse proxies for WebTransport: It doesn't look like any widespread reverse proxies (Nginx, Caddy, Traefik) support proxying WebTransport. Our only option would be a raw UDP reverse proxy.
• TLS Termination: WebTransport mandates using TLS all the way down to Xpra. This would mean that we would either have to re-encrypt traffic (which runs into the reverse proxy issue) or terminate TLS using Xpra (which would mean provisioning certs for every session container)

[MoritzWeber0]

No reverse proxies for WebTransport: It doesn't look like any widespread reverse proxies (Nginx, Caddy, Traefik) support proxying WebTransport. Our only option would be a raw UDP reverse proxy.

This could be solved by directly exposing the port. But in the end the session container would need to handle authentication again and other features like session sharing etc. would be hard to implement.
But I guess there will be some reverse proxies for Quic in the future.

TLS Termination: WebTransport mandates using TLS all the way down to Xpra. This would mean that we would either have to re-encrypt traffic (which runs into the reverse proxy issue) or terminate TLS using Xpra (which would mean provisioning certs for every session container)

Yes, that's an annoying challenge and probably only feasible with wildcard certificates. Nothing for the near future.