Configuring an External Proxy

Administrators may deploy Kasm Workspaces in a corporate environment that has a forward proxy, such as a ZScaler or BlueCoat device, in these environments Admins may wish to send outbound Kasm user traffic through the corporate proxy.

This document covers the necessary configuration to create a Desktop Image that has the browsers and desktop applications configured send outbound traffic through the proxy. It assumes you understand the process for Building Custom Images.

The example URL: http://10.10.1.1:3128 can be replaced with the URL of your forward proxy server.

Creating the Custom Image

  1. SSH to the Kasm Workspaces server and clone the example Git repository that has examples of custom images.

    git clone https://github.com/kasmtech/workspaces-images
    cd workspaces-images
    
  2. Create a file named proxy.json with the following contents. Ensure that http://10.10.1.1:3128 is replaced with the URL of your proxy server. This file will be copied into our image using the COPY command in our Dockerfile and will be used by the Chrome Browser.

    {
        "ProxyMode": "fixed_servers",
        "ProxyServer": "10.10.1.1:3128",
        "ProxyBypassList": ""
    }
    
  3. Create a file named policies.json with the following contents. : Ensure that http://10.10.1.1:3128 is replaced with the URL of your proxy server. This file will be copied into our image using the COPY command in our Dockerfile and will be used by the Firefox Browser.

    {
        "policies": {
            "Proxy": {
                "Mode": "manual",
                "Locked": True,
                "HTTPProxy": "10.10.1.1:3128",
                "UseHTTPProxyForAllProtocols": True,
                "Passthrough": ""
            }
        }
    }
    
  4. Next we will create a Dockerfile that applies our proxy configs to the Browsers and the Desktop OS. In this example we are basing our image off the kasmweb/desktop image, but any image that has the desired browsers installed will work.

    Create a file named Dockerfile with the following contents. Ensure that http://10.10.1.1:3128 is replaced with the URL of your proxy server.

    FROM kasmweb/desktop:1.16.1
    USER root
    
    ENV HOME /home/kasm-default-profile
    ENV STARTUPDIR /dockerstartup
    ENV INST_SCRIPTS $STARTUPDIR/install
    WORKDIR $HOME
    
    ######### Customize Container Here ###########
    
    # Install Custom Certificate Authority
    # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
    # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
    
    ENV http_proxy http://10.10.1.1:3128
    ENV https_proxy http://10.10.1.1:3128
    ENV ftp_proxy http://10.10.1.1:3128
    
    COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json
    COPY ./policies.json /usr/lib/firefox/distribution/policies.json
    
    ######### End Customizations ###########
    
    RUN chown 1000:0 $HOME
    RUN $STARTUPDIR/set_user_permission.sh $HOME
    
    ENV HOME /home/kasm-user
    WORKDIR $HOME
    RUN mkdir -p $HOME && chown -R 1000:0 $HOME
    
    USER 1000
  5. If your proxy server is terminating SSL connections, you may need to load your custom root CA certificate onto your system. To do that you need to complete the following:

    1. Place your certificate in the following directory, overwriting the placeholder file that is currently there ./src/ubuntu/install/certificates/ca.crt (ensure it is named ca.crt).

    2. Edit Dockerfile and uncomment the following lines – ( Remove the “#” characters ):

      ...
      # Install Custom Certificate Authority
      # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
      # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
      ...
      
      ...
      # Install Custom Certificate Authority
      COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
      RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
      ...
      
  6. Build the image

    sudo docker build -t desktop:custom -f Dockerfile .
    
  7. Register the new image in the Kasm UI. See Building Custom Images.