Configuring an External Proxy

Administrators may deploy Kasm Workspaces in a corporate environment that has a forward proxy, such as a ZScaler or BlueCoat device, in these environments Admins may wish to send outbound Kasm user traffic through the corporate proxy.

This document covers the necessary configuration to create a Desktop Image that has the browsers and desktop applications configured send outbound traffic through the proxy. It assumes you understand the process for Building Custom Images.

The example URL: http://10.10.1.1:3128 can be replaced with the URL of your forward proxy server.

Creating the Custom Image

SSH to the Kasm Workspaces server and clone the example Git repository that has examples of custom images.
```
git clone https://github.com/kasmtech/workspaces-images
cd workspaces-images
```
Create a file named proxy.json with the following contents. Ensure that http://10.10.1.1:3128 is replaced with the URL of your proxy server. This file will be copied into our image using the COPY command in our Dockerfile and will be used by the Chrome Browser.
```
{
    "ProxyMode": "fixed_servers",
    "ProxyServer": "10.10.1.1:3128",
    "ProxyBypassList": ""
}
```

Create a file named policies.json with the following contents. : Ensure that http://10.10.1.1:3128 is replaced with the URL of your proxy server. This file will be copied into our image using the COPY command in our Dockerfile and will be used by the Firefox Browser.

{
    "policies": {
        "Proxy": {
            "Mode": "manual",
            "Locked": True,
            "HTTPProxy": "10.10.1.1:3128",
            "UseHTTPProxyForAllProtocols": True,
            "Passthrough": ""
        }
    }
}

Next we will create a Dockerfile that applies our proxy configs to the Browsers and the Desktop OS. In this example we are basing our image off the kasmweb/desktop image, but any image that has the desired browsers installed will work.

Create a file named Dockerfile with the following contents. Ensure that http://10.10.1.1:3128 is replaced with the URL of your proxy server.

FROM kasmweb/desktop:1.16.0
USER root

ENV HOME /home/kasm-default-profile
ENV STARTUPDIR /dockerstartup
ENV INST_SCRIPTS $STARTUPDIR/install
WORKDIR $HOME

######### Customize Container Here ###########

# Install Custom Certificate Authority
# COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
# RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/

ENV http_proxy http://10.10.1.1:3128
ENV https_proxy http://10.10.1.1:3128
ENV ftp_proxy http://10.10.1.1:3128

COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json
COPY ./policies.json /usr/lib/firefox/distribution/policies.json

######### End Customizations ###########

RUN chown 1000:0 $HOME
RUN $STARTUPDIR/set_user_permission.sh $HOME

ENV HOME /home/kasm-user
WORKDIR $HOME
RUN mkdir -p $HOME && chown -R 1000:0 $HOME

USER 1000

If your proxy server is terminating SSL connections, you may need to load your custom root CA certificate onto your system. To do that you need to complete the following:

Place your certificate in the following directory, overwriting the placeholder file that is currently there ./src/ubuntu/install/certificates/ca.crt (ensure it is named ca.crt).

Edit Dockerfile and uncomment the following lines – ( Remove the “#” characters ):

...
# Install Custom Certificate Authority
# COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
# RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
...

...
# Install Custom Certificate Authority
COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
...

Build the image

sudo docker build -t desktop:custom -f Dockerfile .

Register the new image in the Kasm UI. See Building Custom Images.