.. title:: External Proxy Configuring an External Proxy ----------------------------- Administrators may deploy Kasm Workspaces in a corporate environment that has a forward proxy, such as a ZScaler or BlueCoat device, in these environments Admins may wish to send outbound Kasm user traffic through the corporate proxy. This document covers the necessary configuration to create a Desktop Image that has the browsers and desktop applications configured send outbound traffic through the proxy. It assumes you understand the process for :doc:`Building Custom Images`. The example URL: :code:`http://10.10.1.1:3128` can be replaced with the URL of your forward proxy server. Creating the Custom Image ^^^^^^^^^^^^^^^^^^^^^^^^^ #. SSH to the Kasm Workspaces server and clone the example Git repository that has examples of custom images. .. code-block:: Bash git clone https://github.com/kasmtech/workspaces-images cd workspaces-images #. Create a file named :code:`proxy.json` with the following contents. Ensure that :code:`http://10.10.1.1:3128` is replaced with the URL of your proxy server. This file will be copied into our image using the :code:`COPY` command in our Dockerfile and will be used by the Chrome Browser. .. parsed-literal:: { "ProxyMode": "fixed_servers", "ProxyServer": "10.10.1.1:3128", "ProxyBypassList": "" } #. Create a file named :code:`policies.json` with the following contents. Ensure that :code:`http://10.10.1.1:3128` is replaced with the URL of your proxy server. This file will be copied into our image using the :code:`COPY` command in our Dockerfile and will be used by the Firefox Browser. .. parsed-literal:: { "policies": { "Proxy": { "Mode": "manual", "Locked": True, "HTTPProxy": "10.10.1.1:3128", "UseHTTPProxyForAllProtocols": True, "Passthrough": "" } } } #. Next we will create a Dockerfile that applies our proxy configs to the Browsers and the Desktop OS. In this example we are basing our image off the :code:`kasmweb/desktop` image, but any image that has the desired browsers installed will work. Create a file named :code:`Dockerfile` with the following contents. Ensure that :code:`http://10.10.1.1:3128` is replaced with the URL of your proxy server. .. parsed-literal:: FROM kasmweb/desktop:|release| USER root ENV HOME /home/kasm-default-profile ENV STARTUPDIR /dockerstartup ENV INST_SCRIPTS $STARTUPDIR/install WORKDIR $HOME ######### Customize Container Here ########### # Install Custom Certificate Authority # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ENV http_proxy http://10.10.1.1:3128 ENV https_proxy http://10.10.1.1:3128 ENV ftp_proxy http://10.10.1.1:3128 COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json COPY ./policies.json /usr/lib/firefox/distribution/policies.json ######### End Customizations ########### RUN chown 1000:0 $HOME RUN $STARTUPDIR/set_user_permission.sh $HOME ENV HOME /home/kasm-user WORKDIR $HOME RUN mkdir -p $HOME && chown -R 1000:0 $HOME USER 1000 #. If your proxy server is terminating SSL connections, you may need to load your custom root CA certificate onto your system. To do that you need to complete the following: a. Place your certificate in the following directory, overwriting the placeholder file that is currently there :code:`./src/ubuntu/install/certificates/ca.crt` (ensure it is named ca.crt). b. Edit :code:`Dockerfile` and uncomment the following lines – ( Remove the “#” characters ): .. code-block:: Bash ... # Install Custom Certificate Authority # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ... .. code-block:: Bash ... # Install Custom Certificate Authority COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ... #. Build the image .. code-block:: Bash sudo docker build -t desktop:custom -f Dockerfile . #. Register the new image in the Kasm UI. See :doc:`Building Custom Images`.