Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes
Bolke de Bruin 39c73fc8fc Use context
2020-07-25 11:48:11 +02:00
.github/workflows Add more documentation 2020-07-18 19:42:06 +02:00
api Use context 2020-07-25 11:48:11 +02:00
config Use encryption for cookies 2020-07-24 16:22:13 +02:00
protocol Use context 2020-07-25 11:48:11 +02:00
security Switch to jwt tokens and allow some extra rdp settings 2020-07-24 11:54:43 +02:00
transport Add states and more verifications 2020-07-20 18:51:00 +02:00
go.mod Switch to jwt tokens and allow some extra rdp settings 2020-07-24 11:54:43 +02:00
LICENSE Add license file 2020-07-13 13:06:57 +02:00
main.go Use encryption for cookies 2020-07-24 16:22:13 +02:00
README.md Use encryption for cookies 2020-07-24 16:22:13 +02:00

GO Remote Desktop Gateway


Star us on GitHub — it helps!

RDPGW is an implementation of the Remote Desktop Gateway protocol. This allows you to connect with the official Microsoft clients to remote desktops over HTTPS. These desktops could be, for example, XRDP desktops running in containers on Kubernetes.

AIM

RDPGW aims to provide a full open source replacement for MS Remote Desktop Gateway, including access policies.

How to build

cd rdpgw
go build -o rdpgw .

Configuration

By default the configuration is read from rdpgw.yaml. Below is a template.

# web server configuration. 
server:
 # TLS certificate files (required)
 certFile: server.pem
 keyFile: key.pem
 # gateway address advertised in the rdp files
 gatewayAddress: localhost
 # port to listen on
 port: 443
 # list of acceptable desktop hosts to connect to
 hosts:
  - localhost:3389
  - my-{{ preferred_username }}-host:3389
  # Allow the user to connect to any host (insecure)
  - any 
 # if true the server randomly selects a host to connect to
 roundRobin: false 
 # a random string of at least 32 characters to secure cookies on the client
 # make sure to share this across the different pods
 sessionKey: thisisasessionkeyreplacethisjetzt
 sessionEncryptionKey: thisisasessionkeyreplacethisnunu!
# Open ID Connect specific settings
openId:
 providerUrl: http://keycloak/auth/realms/test
 clientId: rdpgw
 clientSecret: your-secret
# enabled / disabled capabilities
caps:
 smartCardAuth: false
 tokenAuth: true
 # connection timeout in minutes, 0 is limitless
 idleTimeout: 10
 enablePrinter: true
 enablePort: true
 enablePnp: true
 enableDrive: true
 enableClipboard: true
client:
  usernameTemplate: "{{ username }}@bla.com"
  # rdp file settings see: 
  # https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files
  networkAutoDetect: 0
  bandwidthAutoDetect: 1
  ConnectionType: 6
security:
  # a random string of at least 32 characters to secure cookies on the client
  # make sure to share this amongst different pods
  tokenSigningKey: thisisasessionkeyreplacethisjetzt
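
The hosts list in the template above acts as an allowlist for the desktop a user may reach. The following Go program is an added example, not RDPGW's own code, showing one way such a list can be evaluated. hostAllowed and dnsLabel are hypothetical names, and the rule that the preferred_username claim must be a single DNS label before substitution is an assumption of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// dnsLabel limits a substituted claim to a single DNS label so that it
// cannot add dots, ports or other separators to the host name.
// (Assumption of this example, not a documented RDPGW rule.)
var dnsLabel = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// hostAllowed reports whether requested ("host:port") matches an entry of the
// hosts list after {{ preferred_username }} is replaced by the user's claim.
// The literal entry "any" matches every host, which is why the template
// marks it insecure.
func hostAllowed(requested string, hosts []string, preferredUsername string) bool {
	user := strings.ToLower(preferredUsername)
	for _, h := range hosts {
		if h == "any" {
			return true
		}
		if strings.Contains(h, "{{ preferred_username }}") {
			if !dnsLabel.MatchString(user) {
				continue // unusable claim: this templated entry never matches
			}
			h = strings.ReplaceAll(h, "{{ preferred_username }}", user)
		}
		if strings.EqualFold(h, requested) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values mirroring the template's hosts list.
	hosts := []string{"localhost:3389", "my-{{ preferred_username }}-host:3389"}
	fmt.Println(hostAllowed("my-alice-host:3389", hosts, "alice")) // the user's own desktop
	fmt.Println(hostAllowed("my-bob-host:3389", hosts, "alice"))   // another user's desktop
	fmt.Println(hostAllowed("db.internal:3389", append(hosts, "any"), "alice"))
}
```

With `any` in the list, every other entry is redundant, so a production configuration should list only explicit or templated hosts.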

Use

Point your browser to https://your-gateway/connect. After authentication, an RDP file will download to your desktop. This file can be opened by one of the remote desktop clients, which will then try to connect to the gateway and the desktop host behind it.

TODO

  • Integrate Open Policy Agent
  • Integrate GOKRB5
  • Integrate uber-go/zap
  • Integrate prometheus
  • Research: TLS defragmentation