Configuring an External Proxy
Administrators may deploy Kasm Workspaces in a corporate environment that has a forward proxy, such as a ZScaler or BlueCoat device, in these environments Admins may wish to send outbound Kasm user traffic through the corporate proxy.
This document covers the necessary configuration to create a Desktop Image that has the browsers and desktop applications configured send outbound traffic through the proxy. It assumes you understand the process for Building Custom Images.
The example URL: http://10.10.1.1:3128
can be replaced with the URL of your forward proxy server.
Creating the Custom Image
SSH to the Kasm Workspaces server and clone the example Git repository that has examples of custom images.
git clone https://github.com/kasmtech/workspaces-images cd workspaces-images
Create a file named
proxy.json
with the following contents. Ensure thathttp://10.10.1.1:3128
is replaced with the URL of your proxy server. This file will be copied into our image using theCOPY
command in our Dockerfile and will be used by the Chrome Browser.{ "ProxyMode": "fixed_servers", "ProxyServer": "10.10.1.1:3128", "ProxyBypassList": "" }
Create a file named
policies.json
with the following contents. : Ensure thathttp://10.10.1.1:3128
is replaced with the URL of your proxy server. This file will be copied into our image using theCOPY
command in our Dockerfile and will be used by the Firefox Browser.{ "policies": { "Proxy": { "Mode": "manual", "Locked": True, "HTTPProxy": "10.10.1.1:3128", "UseHTTPProxyForAllProtocols": True, "Passthrough": "" } } }
Next we will create a Dockerfile that applies our proxy configs to the Browsers and the Desktop OS. In this example we are basing our image off the
kasmweb/desktop
image, but any image that has the desired browsers installed will work.Create a file named
Dockerfile
with the following contents. Ensure thathttp://10.10.1.1:3128
is replaced with the URL of your proxy server.FROM kasmweb/desktop:1.16.1 USER root ENV HOME /home/kasm-default-profile ENV STARTUPDIR /dockerstartup ENV INST_SCRIPTS $STARTUPDIR/install WORKDIR $HOME ######### Customize Container Here ########### # Install Custom Certificate Authority # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ENV http_proxy http://10.10.1.1:3128 ENV https_proxy http://10.10.1.1:3128 ENV ftp_proxy http://10.10.1.1:3128 COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json COPY ./policies.json /usr/lib/firefox/distribution/policies.json ######### End Customizations ########### RUN chown 1000:0 $HOME RUN $STARTUPDIR/set_user_permission.sh $HOME ENV HOME /home/kasm-user WORKDIR $HOME RUN mkdir -p $HOME && chown -R 1000:0 $HOME USER 1000
If your proxy server is terminating SSL connections, you may need to load your custom root CA certificate onto your system. To do that you need to complete the following:
Place your certificate in the following directory, overwriting the placeholder file that is currently there
./src/ubuntu/install/certificates/ca.crt
(ensure it is named ca.crt).Edit
Dockerfile
and uncomment the following lines – ( Remove the “#” characters ):... # Install Custom Certificate Authority # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ...
... # Install Custom Certificate Authority COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ...
Build the image
sudo docker build -t desktop:custom -f Dockerfile .
Register the new image in the Kasm UI. See Building Custom Images.