--- myst: html_meta: "description lang=en": "Pointing a Workspaces session to an external HTTP/HTTPS/FTP proxy." "keywords": "Kasm, How to, How-to, Proxy, External, FTP, HTTP, HTTPS" "property=og:locale": "en_US" --- ```{title} External Proxy ``` # Configuring an External Proxy Administrators may deploy Kasm Workspaces in a corporate environment that has a forward proxy, such as a ZScaler or BlueCoat device, in these environments Admins may wish to send outbound Kasm user traffic through the corporate proxy. This document covers the necessary configuration to create a Desktop Image that has the browsers and desktop applications configured send outbound traffic through the proxy. It assumes you understand the process for {doc}`Building Custom Images`. The example URL: {code}`http://10.10.1.1:3128` can be replaced with the URL of your forward proxy server. ## Creating the Custom Image 1. SSH to the Kasm Workspaces server and clone the example Git repository that has examples of custom images. ```Bash git clone https://github.com/kasmtech/workspaces-images cd workspaces-images ``` 2. Create a file named {code}`proxy.json` with the following contents. Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server. This file will be copied into our image using the {code}`COPY` command in our Dockerfile and will be used by the Chrome Browser. ```{eval-rst} .. parsed-literal:: { "ProxyMode": "fixed_servers", "ProxyServer": "10.10.1.1:3128", "ProxyBypassList": "" } ``` 3. Create a file named {code}`policies.json` with the following contents. : Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server. This file will be copied into our image using the {code}`COPY` command in our Dockerfile and will be used by the Firefox Browser. ```{eval-rst} .. parsed-literal:: { "policies": { "Proxy": { "Mode": "manual", "Locked": True, "HTTPProxy": "10.10.1.1:3128", "UseHTTPProxyForAllProtocols": True, "Passthrough": "" } } } ``` 4. Next we will create a Dockerfile that applies our proxy configs to the Browsers and the Desktop OS. In this example we are basing our image off the {code}`kasmweb/desktop` image, but any image that has the desired browsers installed will work. Create a file named {code}`Dockerfile` with the following contents. Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server. ```{eval-rst} .. parsed-literal:: FROM kasmweb/desktop:|release| USER root ENV HOME /home/kasm-default-profile ENV STARTUPDIR /dockerstartup ENV INST_SCRIPTS $STARTUPDIR/install WORKDIR $HOME ######### Customize Container Here ########### # Install Custom Certificate Authority # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ENV http_proxy http://10.10.1.1:3128 ENV https_proxy http://10.10.1.1:3128 ENV ftp_proxy http://10.10.1.1:3128 COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json COPY ./policies.json /usr/lib/firefox/distribution/policies.json ######### End Customizations ########### RUN chown 1000:0 $HOME RUN $STARTUPDIR/set_user_permission.sh $HOME ENV HOME /home/kasm-user WORKDIR $HOME RUN mkdir -p $HOME && chown -R 1000:0 $HOME USER 1000 ``` 5. If your proxy server is terminating SSL connections, you may need to load your custom root CA certificate onto your system. To do that you need to complete the following: 1. Place your certificate in the following directory, overwriting the placeholder file that is currently there {code}`./src/ubuntu/install/certificates/ca.crt` (ensure it is named ca.crt). 2. Edit {code}`Dockerfile` and uncomment the following lines – ( Remove the “#” characters ): ```Bash ... # Install Custom Certificate Authority # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ... ``` ```Bash ... # Install Custom Certificate Authority COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ... ``` 6. Build the image ```Bash sudo docker build -t desktop:custom -f Dockerfile . ``` 7. Register the new image in the Kasm UI. See {doc}`Building Custom Images`.