Is there any quickstart or step by step guide available? #97
Comments
georgygoshin
changed the title
|
I've made new keycloak installation, added realm and client, got the client ID and secret, need some walk thru all options docker --run name rdpgw bolkedebruin/rdpgw:latest First of all please comment, did I understood correctly these environment variables? and after composing the command line with real valiues, docker --run name rdpgw bolkedebruin/rdpgw:latest responsed with the error unknown flag: --run docker run bolkedebruin/rdpgw:latest repsponded with error unknown flag `e' |
|
I just use it for home use i dont know about keycloak i use authentik thats installed on other machine download the dev folder in this project. create for your gateway a provider "openid" and application in authentik. then change the yaml inside the dev folder then you now can then you should now get a rdp file if you go to /connect there are some other options but this is the basic working you could also use a template rdp file to add some extra options like usb camera passtrough just copy from the original rdp. place the file default,rdp also in the dev folder and add default: default.rdp in yaml config. you could also use multiple hosts but i didnt get that working i just deploy the gateway twice. most info in this project you can find searching the issue pull requests and comments here and there. |
First, it is As for the options, there's an undocumented quirk about environment variables. Where you set options about disclaimer: no guaranty that the following command will work for you as presented, further adjustments will be needed. docker run --name rdpgw `
` -e RDPGW_SERVER__SSL_CERT_FILE=/etc/rdpgw/cert.pem ` # < -- replaced with LE cert path
` -e RDPGW_SERVER__SSL_KEY_FILE=/etc/rdpgw/cert.key ` # < -- replaced with LE key path
` -e RDPGW_SERVER__GATEWAY_ADDRESS=https://externally-reachable-name:443 ` # <-- replaced with real address
` -e RDPGW_SERVER__SESSION_KEY=thisisasessionkeyreplacethisjetz ` # 32 characters <--- replaced with generated string
` -e RDPGW_SERVER__SESSION_ENCRYPTION_KEY=thisisasessionkeyreplacethisnunu ` # 32 characters <--- replaced with generated string
` -e RDPGW_OPEN_ID__PROVIDER_URL=http://localhost:8080/auth/realms/rdpgw ` # <-- replaced with real keycloak address
` -e RDPGW_OPEN_ID__CLIENT_ID=rdpgw ` # <-- replaced with client ID from Keycloak
` -e RDPGW_OPEN_ID__CLIENT_SECRET=01cd304c-6f43-4480-9479-618eb6fd578f ` # <-- replaced with client secret from Keycloak
` -e RDPGW_SECURITY__SECURITY_PAA_TOKEN_SIGNING_KEY=prettypleasereplacemeinproductio ` # <--- replaced with generated string
` -v conf:/etc/rdpgw `
` --network host `
` bolkedebruin/rdpgw:latestNote, that Another note: the command above uses Third note: really, look into using |
|
I'm getting the same issues. I'm following a guide that claims to follow the repo here, but it's simply not working. I don't understand how to get it to work. I can't request for help from the blog post linked1. I am also trying to change the default ports here: I can't use ports 80 and 443 (or 8080) because I already have servers listening on these ports for both public and private addresses, and cannot stop them (they're used by multiple other VMs) Configuration details
My docker-compose.ymlversion: "3.9"
services:
postgres:
container_name: db
image: "postgres:14.4"
restart: always
healthcheck:
test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "postgres" ]
timeout: 45s
interval: 10s
retries: 10
volumes:
- ./postgres_data:/var/lib/postgresql/data
- ./sql:/docker-entrypoint-initdb.d/:ro # turn it on, if you need run init DB
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: keycloak
POSTGRES_HOST: postgres
networks:
- pgsql
keycloak:
container_name: keycloak
image: quay.io/keycloak/keycloak
command: ['start', '--proxy', "edge"]
restart: always
depends_on:
postgres:
condition: service_healthy
environment:
JAVA_OPTS_APPEND: -Dkeycloak.profile.feature.upload_scripts=enabled
KC_DB_PASSWORD: postgres
KC_DB_URL: "jdbc:postgresql://postgres/keycloak"
KC_DB_USERNAME: postgres
KC_DB: postgres
KC_HEALTH_ENABLED: 'true'
KC_HTTP_ENABLED: 'true'
KC_METRICS_ENABLED: 'true'
KC_HOSTNAME_STRICT_HTTPS: false
KC_HOSTNAME: rdgateway-keycloak.ReusedDomain
PROXY_ADDRESS_FORWARDING: 'true'
KEYCLOAK_ADMIN: UniqueUsername
KEYCLOAK_ADMIN_PASSWORD: UniquePassword
healthcheck:
test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080;echo -e \"GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n\" >&3;grep \"HTTP/1.1 200 OK\" <&3"]
interval: 10s
retries: 10
start_period: 20s
timeout: 10s
ports:
- "8280:8080"
- "8287:8787" # debug port
networks:
- pgsql
- keycloak
rdpgw:
image: bolkedebruin/rdpgw:latest
restart: always
container_name: rdpgw
ports:
- "8180:80"
- "8143:443"
volumes:
- ./rdpgw.yaml:/opt/rdpgw/rdpgw.yaml
depends_on:
keycloak:
condition: service_healthy
networks:
- keycloak
networks:
pgsql:
driver: bridge
keycloak:
driver: bridgeMy rdpgw.yamlServer:
Tls: disable
DisableTLS: true
GatewayAddress: rdpgw.ReusedDomain
Port: 8180
Hosts:
- localhost:3389
- UniqueDomain:3389 # this is set in the hosts file to resolve to a VM ip
RoundRobin: any
SessionKey: "Unique32Chars"
SessionEncryptionKey: "Unique32Chars"
Authentication:
- openid
OpenId:
ProviderUrl: http://rdgateway-keycloak.ReusedDomain/realms/rdpgw
ClientId: rdpgw
ClientSecret: UniqueGUID
Client:
UsernameTemplate: "{{ username }}"
NetworkAutoDetect: 1
BandwidthAutoDetect: 1
ConnectionType: 6
SplitUserDomain: true
Security:
PAATokenSigningKey: "Unique32Chars"
PAATokenEncryptionKey: "Unique32Chars"
UserTokenEncryptionKey: "Unique32Chars"
VerifyClientIp: false
Caps:
TokenAuth: true
IdleTimeout: 10
EnablePrinter: true
EnablePort: true
EnablePnp: true
EnableDrive: true
EnableClipboard: trueCaddy config (running under windows host)rdgateway-keycloak.ReusedDomain:443 {
# Working TLS config removed (this is the same config used on other subdomains, it adds lets encrypt and integrates with DNS api)
reverse_proxy 127.0.0.1:8280
}
rdpgw.ReusedDomain:443 {
# Working TLS config removed (this is the same config used on other subdomains, it adds lets encrypt and integrates with DNS api)
reverse_proxy 127.0.0.1:8180
}I cannot connect on any of the following urls:
My intended use case is self-hosting RDP access to my personal computer and some virtual machines on it without having to run a full VPN server for security; rather than using TLS termination inside any of the containers, I wish to use the native install of caddy that I've got running as a windows service (this is currently working for such things as airsonic, plex, calibre, and bubbleupnp, as well as several applications with ports forwarded from virtual machines). I've never used docker before, this is my first project using it, so please assume that I have no idea what I'm doing here (I feel like I'm probably missing something super simple). If it's possible to set this up using WSL's mirrored networking enabled, that would also be helpful, but that's rather out of scope here (I'd like to use WSL mirrored networking for other services). Footnotes
|
|
The rdpgw server only responds to “http://rdpgw.ReusedDomain:8180/connect” over http in your case as per documentation. This should redirect you to your keycloak server for authentication. MS Clients require https so your TLS termination should work. If you cannot connect to either your keycloak installation or rdpgw, you are misconfiguring them with either IP/port or config. |
|
In caddy you redirect rdpgw to Then, also in On the same note, try adding The image of keycloak has Also, I have built the My configNote: I've used caddy's self-signed certificate authority, so I had to install its root certificate into rdpgw's container. the populate-certs:
<<: *default
image: alpine
init: true
entrypoint: ["sh", "-c"]
command:
- |
apk add ca-certificates
mkdir -p /usr/local/share/ca-certificates/
cp /data/caddy/pki/authorities/local/*.crt /usr/local/share/ca-certificates/
update-ca-certificates
exec sleep infinity
volumes:
- data_caddy:/data:ro
- cert_caddy:/etc/ssl/certs
rdpgw:
<<: *default
labels: *simple_expose
build:
context: https://github.com/bolkedebruin/rdpgw.git#:/dev/docker
volumes:
- cert_caddy:/etc/ssl/certs:ro
expose: [80]
environment:
RDPGW_SERVER__GATEWAY_ADDRESS: https://rdpgw.${BASE_DOMAIN}
RDPGW_SERVER__PORT: "80"
RDPGW_SERVER__TLS: disable
RDPGW_OPEN_ID__PROVIDER_URL: https://keycloak.${BASE_DOMAIN}/auth/realms/rdpgw
depends_on:
- keycloak
keycloak:
<<: *default
labels: *simple_expose
image: quay.io/keycloak/keycloak:latest
volumes:
- /config/attempt/realm-export.json:/opt/keycloak/data/import/realm-export.json
environment:
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
KC_PROXY: edge
expose: [8080]
command:
- start-dev
- --import-realm
- --http-relative-path=/auth
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/auth"]
interval: 30s
timeout: 3s
retries: 10
start_period: 5s |
Hello
Trying to start the gateway, spent a lot of time but still can't understand. I see by other user's questions / comments that it's working but can't find the way to do the same. Is there any quick-start guide for dockerhub version? Tried to grab it with portainer without any luck, now with simple docker on linux, ends with
Cannot get oidc provider: Get "http://keycloak:8080/auth/realms/rdpgw/.well-known/openid-configuration": dial tcp: lookup keycloak on
is there a way to quickly start without 2FA to connect from outside to Windows RDP in LAN ?
The text was updated successfully, but these errors were encountered: