mirror of
https://github.com/bolkedebruin/rdpgw.git
synced 2025-08-14 21:03:46 +02:00
Switch to uppercase due to koanf
This commit is contained in:
Bolke de Bruin
parent
b05886db73
commit
bdd0155dbb
2 changed files with 52 additions and 52 deletions
64
README.md
64
README.md
|
|
@ -44,68 +44,68 @@ template.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# web server configuration.
|
# web server configuration.
|
||||||
server:
|
Server:
|
||||||
# disable TLS if termination happens somehwere else (e.g. a load balancer)
|
# disable TLS if termination happens somehwere else (e.g. a load balancer)
|
||||||
# note: rdp connections over a gateway require TLS
|
# Note: rdp connections over a gateway require TLS
|
||||||
disableTLS: false
|
DisableTLS: false
|
||||||
# TLS certificate files
|
# TLS certificate files
|
||||||
certFile: server.pem
|
CertFile: server.pem
|
||||||
keyFile: key.pem
|
KeyFile: key.pem
|
||||||
# gateway address advertised in the rdp files
|
# gateway address advertised in the rdp files
|
||||||
gatewayAddress: localhost
|
GatewayAddress: localhost
|
||||||
# port to listen on (change to 80 or equivalent if not using TLS)
|
# port to listen on (change to 80 or equivalent if not using TLS)
|
||||||
port: 443
|
Port: 443
|
||||||
# list of acceptable desktop hosts to connect to
|
# list of acceptable desktop hosts to connect to
|
||||||
hosts:
|
Hosts:
|
||||||
- localhost:3389
|
- localhost:3389
|
||||||
- my-{{ preferred_username }}-host:3389
|
- my-{{ preferred_username }}-host:3389
|
||||||
# Allow the user to connect to any host (insecure)
|
# Allow the user to connect to any host (insecure)
|
||||||
- any
|
- any
|
||||||
# if true the server randomly selects a host to connect to
|
# if true the server randomly selects a host to connect to
|
||||||
roundRobin: false
|
RoundRobin: false
|
||||||
# a random strings of at least 32 characters to secure cookies on the client
|
# a random strings of at least 32 characters to secure cookies on the client
|
||||||
# make sure to share this across the different pods
|
# make sure to share this across the different pods
|
||||||
sessionKey: thisisasessionkeyreplacethisjetzt
|
SessionKey: thisisasessionkeyreplacethisjetzt
|
||||||
sessionEncryptionKey: thisisasessionkeyreplacethisnunu!
|
SessionEncryptionKey: thisisasessionkeyreplacethisnunu!
|
||||||
# where to store session details. This can be either file or cookie (default: cookie)
|
# where to store session details. This can be either file or cookie (default: cookie)
|
||||||
# if a file store is chosen, it is required to have clients 'keep state' to the rdpgw
|
# if a file store is chosen, it is required to have clients 'keep state' to the rdpgw
|
||||||
# instance they are connected to.
|
# instance they are connected to.
|
||||||
sessionStore: cookie
|
SessionStore: cookie
|
||||||
# tries to set the receive / send buffer of the connections to the client
|
# tries to set the receive / send buffer of the connections to the client
|
||||||
# in case of high latency high bandwidth the defaults set by the OS might
|
# in case of high latency high bandwidth the defaults set by the OS might
|
||||||
# be to low for a good experience
|
# be to low for a good experience
|
||||||
# receiveBuf: 12582912
|
# ReceiveBuf: 12582912
|
||||||
# sendBuf: 12582912
|
# SendBuf: 12582912
|
||||||
# Open ID Connect specific settings
|
# Open ID Connect specific settings
|
||||||
openId:
|
OpenId:
|
||||||
providerUrl: http://keycloak/auth/realms/test
|
ProviderUrl: http://keycloak/auth/realms/test
|
||||||
clientId: rdpgw
|
ClientId: rdpgw
|
||||||
clientSecret: your-secret
|
ClientSecret: your-secret
|
||||||
# enabled / disabled capabilities
|
# enabled / disabled capabilities
|
||||||
caps:
|
Caps:
|
||||||
smartCardAuth: false
|
SmartCardAuth: false
|
||||||
tokenAuth: true
|
TokenAuth: true
|
||||||
# connection timeout in minutes, 0 is limitless
|
# connection timeout in minutes, 0 is limitless
|
||||||
idleTimeout: 10
|
IdleTimeout: 10
|
||||||
enablePrinter: true
|
EnablePrinter: true
|
||||||
enablePort: true
|
EnablePort: true
|
||||||
enablePnp: true
|
EnablePnp: true
|
||||||
enableDrive: true
|
EnableDrive: true
|
||||||
enableClipboard: true
|
EnableClipboard: true
|
||||||
client:
|
Client:
|
||||||
# this is a go string templated with {{ username }} and {{ token }}
|
# this is a go string templated with {{ username }} and {{ token }}
|
||||||
# the example below uses the ASCII field separator to distinguish
|
# the example below uses the ASCII field separator to distinguish
|
||||||
# between user and token
|
# between user and token
|
||||||
usernameTemplate: "{{ username }}@bla.com\x1f{{ token }}"
|
UsernameTemplate: "{{ username }}@bla.com\x1f{{ token }}"
|
||||||
# rdp file settings see:
|
# rdp file settings see:
|
||||||
# https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files
|
# https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files
|
||||||
networkAutoDetect: 0
|
NetworkAutoDetect: 0
|
||||||
bandwidthAutoDetect: 1
|
BandwidthAutoDetect: 1
|
||||||
ConnectionType: 6
|
ConnectionType: 6
|
||||||
# If true puts splits "user@domain.com" into the user and domain component so that
|
# If true puts splits "user@domain.com" into the user and domain component so that
|
||||||
# domain gets set in the rdp file and the domain name is stripped from the username
|
# domain gets set in the rdp file and the domain name is stripped from the username
|
||||||
SplitUserDomain: false
|
SplitUserDomain: false
|
||||||
security:
|
Security:
|
||||||
# a random string of at least 32 characters to secure cookies on the client
|
# a random string of at least 32 characters to secure cookies on the client
|
||||||
# make sure to share this amongst different pods
|
# make sure to share this amongst different pods
|
||||||
PAATokenSigningKey: thisisasessionkeyreplacethisjetzt
|
PAATokenSigningKey: thisisasessionkeyreplacethisjetzt
|
||||||
|
|
|
||||||
|
|
@ -1,23 +1,23 @@
|
||||||
server:
|
Server:
|
||||||
certFile: /opt/rdpgw/server.pem
|
CertFile: /opt/rdpgw/server.pem
|
||||||
keyFile: /opt/rdpgw/key.pem
|
KeyFile: /opt/rdpgw/key.pem
|
||||||
gatewayAddress: localhost:9443
|
GatewayAddress: localhost:9443
|
||||||
port: 9443
|
Port: 9443
|
||||||
hosts:
|
Hosts:
|
||||||
- xrdp:3389
|
- xrdp:3389
|
||||||
roundRobin: false
|
RoundRobin: false
|
||||||
sessionKey: thisisasessionkeyreplacethisjetz
|
SessionKey: thisisasessionkeyreplacethisjetz
|
||||||
sessionEncryptionKey: thisisasessionkeyreplacethisnunu
|
SessionEncryptionKey: thisisasessionkeyreplacethisnunu
|
||||||
openId:
|
OpenId:
|
||||||
providerUrl: http://keycloak:8080/auth/realms/rdpgw
|
ProviderUrl: http://keycloak:8080/auth/realms/rdpgw
|
||||||
clientId: rdpgw
|
ClientId: rdpgw
|
||||||
clientSecret: 01cd304c-6f43-4480-9479-618eb6fd578f
|
ClientSecret: 01cd304c-6f43-4480-9479-618eb6fd578f
|
||||||
client:
|
Client:
|
||||||
usernameTemplate: "{{ username }}"
|
UsernameTemplate: "{{ username }}"
|
||||||
networkAutoDetect: 0
|
NetworkAutoDetect: 0
|
||||||
bandwidthAutoDetect: 1
|
BandwidthAutoDetect: 1
|
||||||
ConnectionType: 6
|
ConnectionType: 6
|
||||||
security:
|
Security:
|
||||||
PAATokenSigningKey: prettypleasereplacemeinproductio
|
PAATokenSigningKey: prettypleasereplacemeinproductio
|
||||||
caps:
|
Caps:
|
||||||
tokenAuth: true
|
TokenAuth: true
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue