Skip to main content

RDP Gateway Docker Installation

Introduction

Soffid allows you to deploy a new docker container with the RDP gateway. The configuration is similar to the sync server configuration.

Prerequisites

The RDP Service is only released as a docker service.

1. Install docker ( https://docs.docker.com/install/ )

2. Install Soffid PAM (store container and launcher container) 

You can visit the PAM Jump Server Installation page for more information about how to install PAM

3. Create a Docker network(*), that network allows you to connect containers to the same bridge network to communicate:

sudo docker network create -d bridge NETWORKNAME

*  You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.

Installation

The steps required to install RDP container are:

1. Create a user

We need to create a user in the pam store container. To do this, we need to connect to the store container.

sudo docker exec -it soffid-pam-store /bin/bash

Once, we are connected to the container, we need to run a script to create the user. This script has two parameters, the user name, and the role. We have to type launcher in the role parameter

root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdptest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

2. Create volume

We need to create a volume that will be used by the docker container

sudo docker volume create soffid-rdp

3. Create a docker container

Finally, we need to execute the command to create the rdp gateway container

docker run \
  --name soffid-rdp \
  -e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
  -e SOFFID_USER=admin \
  -e SOFFID_PASS=changeit \
  -e SOFFID_HOSTNAME=rdp-gateway \
  -e STORE_SERVER=http://soffid-pam-store:8080 \
  -e STORE_PASSWORD=/Dp77Kho5QB2vVKjNNGmXYLzVa6PoPWJ8p0E4O7EP++9/ZM+l3cieGKMRSgOnFCMc \
  -e STORE_USER=proxyrdp \
  -v soffid-rdp:/opt/soffid/iam-sync/conf \
  --privileged \
  --shm-size=1024m  \
  -p 3389:3389 \
  --network=soffidnet.intenal \
  soffid/pam-rdp:1.4.2
Environment Variables

To create the new SSH container you need to set the following environment variables:

Variable Description Example

SOFFID_SERVER

Sync Server URL

https://syncserver01.soffid.com:1760

SOFFID_USER

Soffid user to join the security domain

admin

SOFFID_PASSWORD

Soffid user password

changeit

SOFFID_HOSTNAME

The hostname used to access the ssh gateway

ssh-gateway

STORE_SERVER

Store URL

http://soffid.pat.pam:8082

STORE_PASSWORD

Password received when you created the user in the store container.

************

STORE_USER

Store user

proxyrdp