---
myst:
html_meta:
"description lang=en": "Pointing a Workspaces session to an external HTTP/HTTPS/FTP proxy."
"keywords": "Kasm, How to, How-to, Proxy, External, FTP, HTTP, HTTPS"
"property=og:locale": "en_US"
---
```{title} External Proxy
```
# Configuring an External Proxy
Administrators may deploy Kasm Workspaces in a corporate environment that has a forward proxy, such as a ZScaler or BlueCoat device, in these environments Admins may wish to send outbound
Kasm user traffic through the corporate proxy.
This document covers the necessary configuration to create a Desktop Image that has the browsers and desktop applications configured send outbound traffic through the proxy.
It assumes you understand the process for {doc}`Building Custom Images`.
The example URL: {code}`http://10.10.1.1:3128` can be replaced with the URL of your forward proxy server.
## Creating the Custom Image
1. SSH to the Kasm Workspaces server and clone the example Git repository that has examples of custom images.
```Bash
git clone https://github.com/kasmtech/workspaces-images
cd workspaces-images
```
2. Create a file named {code}`proxy.json` with the following contents.
Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server.
This file will be copied into our image using the {code}`COPY` command in our Dockerfile and will be used by the Chrome Browser.
```{eval-rst}
.. parsed-literal::
{
"ProxyMode": "fixed_servers",
"ProxyServer": "10.10.1.1:3128",
"ProxyBypassList": ""
}
```
3. Create a file named {code}`policies.json` with the following contents.
: Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server.
This file will be copied into our image using the {code}`COPY` command in our Dockerfile and will be used by the Firefox Browser.
```{eval-rst}
.. parsed-literal::
{
"policies": {
"Proxy": {
"Mode": "manual",
"Locked": True,
"HTTPProxy": "10.10.1.1:3128",
"UseHTTPProxyForAllProtocols": True,
"Passthrough": ""
}
}
}
```
4. Next we will create a Dockerfile that applies our proxy configs to the Browsers and the Desktop OS. In this example
we are basing our image off the {code}`kasmweb/desktop` image, but any image that has the desired browsers installed will work.
Create a file named {code}`Dockerfile` with the following contents.
Ensure that {code}`http://10.10.1.1:3128` is replaced with the URL of your proxy server.
```{eval-rst}
.. parsed-literal::
FROM kasmweb/desktop:|release|
USER root
ENV HOME /home/kasm-default-profile
ENV STARTUPDIR /dockerstartup
ENV INST_SCRIPTS $STARTUPDIR/install
WORKDIR $HOME
######### Customize Container Here ###########
# Install Custom Certificate Authority
# COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
# RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
ENV http_proxy http://10.10.1.1:3128
ENV https_proxy http://10.10.1.1:3128
ENV ftp_proxy http://10.10.1.1:3128
COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json
COPY ./policies.json /usr/lib/firefox/distribution/policies.json
######### End Customizations ###########
RUN chown 1000:0 $HOME
RUN $STARTUPDIR/set_user_permission.sh $HOME
ENV HOME /home/kasm-user
WORKDIR $HOME
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
USER 1000
```
5. If your proxy server is terminating SSL connections, you may need to load your custom root CA certificate onto your system.
To do that you need to complete the following:
1. Place your certificate in the following directory, overwriting the placeholder file that is currently
there {code}`./src/ubuntu/install/certificates/ca.crt` (ensure it is named ca.crt).
2. Edit {code}`Dockerfile` and uncomment the following lines – ( Remove the “#” characters ):
```Bash
...
# Install Custom Certificate Authority
# COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
# RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
...
```
```Bash
...
# Install Custom Certificate Authority
COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
...
```
6. Build the image
```Bash
sudo docker build -t desktop:custom -f Dockerfile .
```
7. Register the new image in the Kasm UI. See {doc}`Building Custom Images`.