```{title} External Proxy
```

# Configuring an External Proxy

Administrators may deploy Kasm Workspaces in a corporate environment that has a forward proxy, such as a ZScaler or BlueCoat device, in these environments Admins may wish to send outbound
Kasm user traffic through the corporate proxy.

This document covers the necessary configuration to create a Desktop Image that has the browsers and desktop applications configured send outbound traffic through the proxy.
It assumes you understand the process for {doc}`Building Custom Images</how_to/building_images>`.

The example URL: {code}`http://10.10.1.1:3128` can be replaced with the URL of your forward proxy server.

## Creating the Custom Image

1. SSH to the Kasm Workspaces server and clone the example Git repository that has examples of custom images.

   ```Bash
   git clone https://github.com/kasmtech/workspaces-images
   cd workspaces-images
   ```

2. Create a file named {code}`proxy.json` with the following contents.
   Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server.
   This file will be copied into our image using the {code}`COPY` command in our Dockerfile and will be used by the Chrome Browser.

   ```{eval-rst}
   .. parsed-literal::

       {
           "ProxyMode": "fixed_servers",
           "ProxyServer": "10.10.1.1:3128",
           "ProxyBypassList": ""
       }
   ```

3. Create a file named {code}`policies.json` with the following contents.
   : Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server.
     This file will be copied into our image using the {code}`COPY` command in our Dockerfile and will be used by the Firefox Browser.

     ```{eval-rst}
     .. parsed-literal::

         {
             "policies": {
                 "Proxy": {
                     "Mode": "manual",
                     "Locked": True,
                     "HTTPProxy": "10.10.1.1:3128",
                     "UseHTTPProxyForAllProtocols": True,
                     "Passthrough": ""
                 }
             }
         }
     ```

4. Next we will create a Dockerfile that applies our proxy configs to the Browsers and the Desktop OS. In this example
   we are basing our image off the {code}`kasmweb/desktop` image, but any image that has the desired browsers installed will work.

   Create a file named {code}`Dockerfile` with the following contents.
   Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server.

   ```{eval-rst}
   .. parsed-literal::

       FROM kasmweb/desktop:|release|
       USER root

       ENV HOME /home/kasm-default-profile
       ENV STARTUPDIR /dockerstartup
       ENV INST_SCRIPTS $STARTUPDIR/install
       WORKDIR $HOME

       ######### Customize Container Here ###########

       # Install Custom Certificate Authority
       # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
       # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/

       ENV http_proxy http://10.10.1.1:3128
       ENV https_proxy http://10.10.1.1:3128
       ENV ftp_proxy http://10.10.1.1:3128

       COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json
       COPY ./policies.json /usr/lib/firefox/distribution/policies.json

       ######### End Customizations ###########

       RUN chown 1000:0 $HOME
       RUN $STARTUPDIR/set_user_permission.sh $HOME

       ENV HOME /home/kasm-user
       WORKDIR $HOME
       RUN mkdir -p $HOME && chown -R 1000:0 $HOME

       USER 1000
   ```

5. If your proxy server is terminating SSL connections, you may need to load your custom root CA certificate onto your system.
   To do that you need to complete the following:

   1. Place your certificate in the following directory, overwriting the placeholder file that is currently
      there {code}`./src/ubuntu/install/certificates/ca.crt` (ensure it is named ca.crt).

   2. Edit {code}`Dockerfile` and uncomment the following lines – ( Remove the “#” characters ):

      ```Bash
      ...
      # Install Custom Certificate Authority
      # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
      # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
      ...
      ```

      ```Bash
      ...
      # Install Custom Certificate Authority
      COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
      RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
      ...
      ```

6. Build the image

   ```Bash
   sudo docker build -t desktop:custom -f Dockerfile .
   ```

7. Register the new image in the Kasm UI. See {doc}`Building Custom Images</how_to/building_images>`.