# RDP gateway

# RDP Gateway Docker Installation

## Introduction

Soffid allows you to deploy a new docker container with the **RDP gateway**. The configuration is similar to the sync server configuration.

### Prerequisites

The RDP Service is only released as a docker service.

1. Install docker ([https://docs.docker.com/install/](https://docs.docker.com/install/))
2. Install Soffid PAM (store container and launcher container)

   You can visit the [PAM Jump Server Installation page](https://bookstack.soffid.com/books/pam-install-config/page/pam-jump-server-installation) for more information about how to install PAM.
3. Create a Docker network (\*). Containers attached to the same bridge network can communicate with each other:

```
sudo docker network create -d bridge NETWORKNAME
```

*\* You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.*

## Installation

The steps required to install the RDP container are:

### 1. Create a user

We need to create a user in the PAM store container. To do this, we need to connect to the store container.

```shell
sudo docker exec -it soffid-pam-store /bin/bash
```

Once we are connected to the container, we need to run a script to create the user. This script has two parameters: the user name and the role. The role parameter must be `launcher`.

```shell
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdptest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#
```

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

### 2. Create volume

We need to create a volume that will be used by the docker container.

```shell
sudo docker volume create soffid-rdp
```

### 3. Create a docker container

Finally, we need to execute the command to create the RDP gateway container.

```shell
docker run \
  --name soffid-rdp \
  -e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
  -e SOFFID_USER=admin \
  -e SOFFID_PASS=changeit \
  -e SOFFID_HOSTNAME=rdp-gateway \
  -e STORE_SERVER=http://soffid-pam-store:8080 \
  -e STORE_PASSWORD=/Dp77Kho5QB2vVKjNNGmXYLzVa6PoPWJ8p0E4O7EP++9/ZM+l3cieGKMRSgOnFCMc \
  -e STORE_USER=proxyrdp \
  -v soffid-rdp:/opt/soffid/iam-sync/conf \
  --privileged \
  --shm-size=1024m \
  -p 3389:3389 \
  --network=soffidnet.intenal \
  soffid/pam-rdp:1.4.2
```

##### Environment Variables

To create the new SSH container you need to set the following environment variables:

| **Variable** | **Description** | **Example** |
|---|---|---|
| SOFFID\_SERVER | Sync Server URL | https://syncserver01.soffid.com:1760 |
| SOFFID\_USER | Soffid user to join the security domain | admin |
| SOFFID\_PASSWORD | Soffid user password | changeit |
| SOFFID\_HOSTNAME | The hostname used to access the ssh gateway | ssh-gateway |
| STORE\_SERVER | Store URL | http://soffid.pat.pam:8082 |
| STORE\_PASSWORD | Password received when you created the user in the store container. | \*\*\*\*\*\*\*\*\*\*\*\* |
| STORE\_USER | Store user | proxyrdp |
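
The following is an added example, not part of the Soffid documentation: it runs the container from step 3 with the credentials read from an owner-only env file, so the store password does not end up in shell history or in the `docker run` arguments. The function names and file path are assumptions, the variable names follow the page's `docker run` command, and `--env-file` is a standard `docker run` option.

```shell
# Added example (not Soffid code): function names and file path are hypothetical.
# Variable names follow the docker run command in step 3.
REQUIRED_VARS="SOFFID_SERVER SOFFID_USER SOFFID_PASS SOFFID_HOSTNAME STORE_SERVER STORE_USER STORE_PASSWORD"

# write_env_file <file> <store password from add-user.sh> <Soffid user password>
# Recreates the file under umask 077 so it is never readable by other users.
write_env_file() {
    (
        umask 077
        rm -f -- "$1"
        cat > "$1" <<EOF
SOFFID_SERVER=https://iam-sync.soffidnet:1760
SOFFID_USER=admin
SOFFID_PASS=$3
SOFFID_HOSTNAME=rdp-gateway
STORE_SERVER=http://soffid-pam-store:8080
STORE_USER=proxyrdp
STORE_PASSWORD=$2
EOF
    )
}

# check_env_file <file>: succeed only if the mode is 0600 and every
# required variable is present with a non-empty value.
check_env_file() {
    [ "$(ls -ld -- "$1" | cut -c1-10)" = "-rw-------" ] ||
        { echo "$1: mode must be 0600" >&2; return 1; }
    for var in $REQUIRED_VARS; do
        grep -q "^${var}=." "$1" ||
            { echo "$1: $var missing or empty" >&2; return 1; }
    done
}

# run_gateway <file>: same options as the page's command, secrets via --env-file.
run_gateway() {
    check_env_file "$1" || return 1
    docker run --name soffid-rdp --env-file "$1" \
        -v soffid-rdp:/opt/soffid/iam-sync/conf \
        --privileged --shm-size=1024m -p 3389:3389 \
        --network=soffidnet.intenal soffid/pam-rdp:1.4.2
}

# Typical use, with the passwords already held in shell variables:
#   write_env_file "$HOME/soffid-rdp.env" "$STORE_PW" "$SOFFID_PW" &&
#       run_gateway "$HOME/soffid-rdp.env"
```

The variables remain visible to anyone who can run `docker inspect soffid-rdp`, so access to the Docker socket still has to be restricted.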
You can visit the [PAM Jump Server Installation page](https://bookstack.soffid.com/books/pam-install-config/page/pam-jump-server-installation-u6p) for more information about how to install PAM.

## Installation

The steps required to install the RDP container are:

### 1. Create a user

We need to create a user in the PAM store container. To do this, we need to connect to the store container.

```shell
sudo docker exec -it soffid-pam-store /bin/bash
```

Once we are connected to the container, we need to run a script to create the user. This script has two parameters: the user name and the role. The role parameter must be `launcher`.

```shell
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdp-user launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#
```

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

### 2. Execute the YAML

```yaml
version: '3.8'
services:
  ssh-gateway:
    image: soffid/pam-rdp:1.4.47
    environment:
      SOFFID_SERVER: https://syncserver01.soffid.com:1760
      SOFFID_USER: admin
      SOFFID_PASS: admin123
      SOFFID_HOSTNAME: rdp-gateway-2
      STORE_SERVER: https://soffid-pam-store:8443
      STORE_PASSWORD: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
      STORE_USER: proxyrdp
    ports:
      - "2222:22"
    networks:
      - network
    volumes:
      - rdp-gateway-data:/opt/soffid/iam-sync/conf
networks:
  network:
    name: netcompose
    driver: bridge
volumes:
  rdp-gateway-data:
    name: compose-rdp-gateway-data
```

Execute:

```shell
sudo docker compose up -d
```

##### Environment Variables

To create the new SSH container you need to set the following environment variables:

| **Variable** | **Description** | **Example** |
|---|---|---|
| SOFFID\_SERVER | Sync Server URL | https://syncserver01.soffid.com:1760 |
| SOFFID\_USER | Soffid user to join the security domain | admin |
| SOFFID\_PASSWORD | Soffid user password | changeit |
| SOFFID\_HOSTNAME | The hostname used to access the ssh gateway | ssh-gateway |
| STORE\_SERVER | Store URL | http://soffid.pat.pam:8082 |
| STORE\_PASSWORD | Password received when you created the user in the store container. | \*\*\*\*\*\*\*\*\*\*\*\* |
| STORE\_USER | Store user | proxyrdp |