Merge branch 'master' of https://github.com/bolkedebruin/rdpgw

README.md

@@ -87,6 +87,17 @@ security:
   # make sure to share this amongst different pods
   tokenSigningKey: thisisasessionkeyreplacethisjetzt
 ```
+## Testing locally
+A convenience docker-compose allows you to test the RDPGW locally. It uses [Keycloak](http://www.keycloak.org) 
+and [xrdp](http://www.xrdp.org) and exposes it services on port 443. You will need to allow your browser
+to connect to localhost with and self signed security certificate. For chrome set `chrome://flags/#allow-insecure-localhost`.
+The username to login to both Keycloak and xrdp is `admin` as is the password.
+
+```bash
+cd dev/docker
+docker-compose build
+docker-compose up
+```
 
 ## Use
 Point your browser to `https://your-gateway/connect`. After authentication

dev/docker/Dockerfile

@@ -0,0 +1,31 @@
+FROM debian:buster-slim
+
+RUN apt-get update && \
+    apt-get install -y git golang openssl curl && \
+    random=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) && \
+    openssl genrsa -des3 -passout pass:$random -out server.pass.key 2048 && \
+    openssl rsa -passin pass:$random -in server.pass.key -out key.pem && \
+    rm server.pass.key && \
+    openssl req -new -sha256 -key key.pem -out server.csr \
+    -subj "/C=US/ST=VA/L=SomeCity/O=MyCompany/OU=MyDivision/CN=localhost" && \
+    openssl x509 -req -days 365 -in server.csr -signkey key.pem -out server.pem
+
+RUN git clone https://github.com/bolkedebruin/rdpgw.git && \
+    cd rdpgw && \
+    env GOOS=linux GOARCH=amd64 go build && \
+    mkdir -p /opt/rdpgw && \
+    mv rdpgw /opt/rdpgw/rdpgw && \
+    rm -rf /root/go && \
+    rm -rf /rdpgw
+
+COPY rdpgw.yaml /opt/rdpgw/rdpgw.yaml
+
+RUN useradd -m -d /opt/rdpgw -u 1001 -c "rdgw" rdgw && \
+    mv server.pem /opt/rdpgw/server.pem && \
+    mv key.pem /opt/rdpgw/key.pem && \
+    chown -R 1001 /opt/rdpgw && \
+    chmod +x /opt/rdpgw/rdpgw
+
+USER 1001
+WORKDIR /opt/rdpgw
+ENTRYPOINT /opt/rdpgw/rdpgw

dev/docker/docker-compose.yml

@@ -0,0 +1,48 @@
+version: '3.4'
+
+volumes:
+  mysql_data:
+      driver: local
+  realm-export.json:
+
+services:
+  keycloak:
+      image: quay.io/keycloak/keycloak:11.0.0
+      hostname: keycloak
+      volumes:
+        - ${PWD}/realm-export.json:/export/realm-export.json
+      environment:
+        KEYCLOAK_USER: admin
+        KEYCLOAK_PASSWORD: admin
+        KEYCLOAK_IMPORT: /export/realm-export.json
+      ports:
+        - 8080:8080
+      restart: on-failure
+      healthcheck:
+        test: ["CMD", "curl", "-f", "http://localhost:8080/auth"]
+        interval: 30s
+        timeout: 3s
+        retries: 10
+        start_period: 5s
+  xrdp:
+      hostname: xrdp
+      image: rattydave/docker-ubuntu-xrdp-mate-custom:20.04
+      ports:
+        - 3389:3389
+      restart: on-failure
+      volumes:
+        - ${PWD}/xrdp_users.txt:/root/createusers.txt
+      environment:
+        TZ: "Europe/London"
+  rdpgw:
+      build: .
+      ports:
+        - 9443:9443
+      restart: on-failure
+      depends_on:
+        - keycloak
+      healthcheck:
+        test: ["CMD", "curl", "-f", "http://keycloak:8080"]
+        interval: 30s
+        timeout: 10s
+        retries: 10

dev/docker/rdpgw.yaml

@@ -0,0 +1,21 @@
+server:
+ certFile: /opt/rdpgw/server.pem
+ keyFile: /opt/rdpgw/key.pem
+ gatewayAddress: localhost:9443
+ port: 9443
+ hosts:
+  - xrdp:3389
+ roundRobin: false 
+ sessionKey: thisisasessionkeyreplacethisjetz
+ sessionEncryptionKey: thisisasessionkeyreplacethisnunu
+openId:
+ providerUrl: http://keycloak:8080/auth/realms/rdpgw
+ clientId: rdpgw
+ clientSecret: 01cd304c-6f43-4480-9479-618eb6fd578f
+client:
+ usernameTemplate: "{{ username }}"
+ networkAutoDetect: 0
+ bandwidthAutoDetect: 1
+ ConnectionType: 6
+security:
+  tokenSigningKey: prettypleasereplacemeinproductio

dev/docker/xrdp_users.txt

@@ -0,0 +1 @@
+admin:admin:Y