Squid is an open source forward proxy. We have developed a containerized version of Squid for proxy redirection. This project is open source and located at https://bitbucket.org/kasmtech/kasm_squid/src/master/
Clone the repository at https://bitbucket.org/kasmtech/kasm_squid/src/master/
Run the install redirector script with the Kasm Workspaces url after the -k argument
sudo ./install_redirector.sh -k https://kasm.company.internal
Download myCA.der from /srv/kasm_squid/ssl_cert/myCA.der
For most browsers, windows settings can be used for the proxy settings.
Setup Root CA Trust
Use the windows key + r shortcut to open the run prompt
Type in secpol.msc and click OK
Select public Key Policies from the Security Settings
Open the Certificate Path Validation Settings window
Check Define these policy settings
Make sure to select all of these
Allow user trusted root CAs to be used to validate certificates
Allow users to trust peer trust certificates
Third-Party Root CAs and Enterprise Root CAs
Use the windows key + r shortcut to pen the run prompt
Type in certmgr.msc and click OK
Expand Trusted Root Certification Authorities
Right click certificates -> all tasks -> import
Browse to the certificate and select open
Click next, next and finish
Setup proxy in windows settings
Open Windows settings and select Network and Internet
Select proxy at the bottom left
Under manual proxy setup select Use a proxy server
Enter the Kasm proxy server address and port 3122
Enter the Kasm domain into the excluded proxy addresses
For browsers like Edge, Chrome and Internet Explorer the proxy should be up and working. Firefox will need to be configured separately.
In the Firefox options select privacy and security
Scroll to the bottom and click View Certificates
Import myCA.der from the Kasm Proxy
Check all boxes and click OK
Navigate to the General tab
Scroll to the bottom for Network Settings
Select Manual proxy configuration
Input the IP address of the squid server and port 3122
Select Use proxy for all protocols
Add in the Kasm Workspaces domain name under no proxy for
Firefox will now redirect all traffic through the secure Kasm.
If the browser is not connecting to the proxy make sure to open port 3122 on the proxy server.
If the Kasm seems to be reconnecting make sure the browser is configured to not use the proxy settings for the Kasm Workspaces server as Squid does not handle websockets.
If HTTPS or security warning errors are occurring, ensure the root certificate is installed on the browser.
Ensure that the proxy was installed using the domain name for the actual Kasm Workspaces server.