Bolke de Bruin
7d1b9af858
Drop baked-in TLS cert, run as 1001, refuse known placeholder secrets
The dev container image generated a TLS keypair at build time and
shipped it inside the image, so every pull of the same image tag was
serving the same private key. The entrypoint also reverted to USER 0
to support a dead `createusers.txt` loop and a `chmod u+s` that was a
no-op (set on a binary owned by 1001). Net result was that any RCE
in the gateway landed as root and the wire-trust posture relied on a
shared private key.

Stop generating the cert at build time: the runtime image now carries
openssl and the entrypoint mints an ephemeral self-signed cert at
first start when no cert is mounted at the configured path. Each
container instance gets its own key. Drop USER 0 entirely; the
entrypoint runs as 1001 throughout. Prune the dead createusers loop
and the `chmod u+s`.

Separately, the README and the dev compose files publish a small set
of literal placeholder values for SessionKey, SessionEncryptionKey,
and the various Token*Key fields. Operators copy-paste these into
real deployments. Refuse to start when any of those literals appear
in the corresponding config field.
2026-04-30 19:09:15 +02:00
Bolke de Bruin
55f528ae15
Fix docker file again
2025-09-25 16:15:02 +02:00
Bolke de Bruin
3f73572bcc
Fix docker file
2025-09-25 16:02:31 +02:00
Bolke de Bruin
21a88d2dea
Add webinterface
2025-09-25 15:33:46 +02:00
bolkedebruin
e5302e3795
Install CA certificates in Dockerfile stages
2025-09-23 14:43:17 +02:00
Bolke de Bruin
c99b4ee58b
fix: make docker build again
2025-09-05 14:39:45 +02:00
Chao-Jui Chang
10722d7105
Add tzdata package for showing local time in log (#149)
2025-07-15 12:08:50 +02:00
Bolke de Bruin
531af7d2d5
Fix run script to forward command line options
2024-03-30 11:30:28 +01:00
Bolke de Bruin
37c14c4615
Add local docker compose
2024-03-19 13:49:41 +01:00
Bolke de Bruin
79f8d8f545
Add local PAM docker-compose
2024-03-19 09:25:15 +01:00
Bolke de Bruin
c45d57f0c1
Fix readme
2024-03-18 14:15:55 +01:00
Bolke de Bruin
a21b266e0d
Add run
2024-03-18 14:11:40 +01:00
Bolke de Bruin
841c688df0
Fix docker
2024-03-18 14:10:06 +01:00
Bolke de Bruin
e939275a8a
Make dynamic
2024-03-18 14:09:22 +01:00
Bolke de Bruin
1b1d54b572
Debug
2024-03-18 14:03:18 +01:00
Bolke de Bruin
91e382c586
Move to more flexibility in image
2024-03-18 13:36:41 +01:00
Bolke de Bruin
f75321f6b7
Base on alpine and run both rdpgw-auth and gateway
2024-03-18 13:26:24 +01:00
Bolke de Bruin
cb7f09debb
Reduce intervals
2024-03-18 12:19:24 +01:00
Bolke de Bruin
32693f4197
Update images
2024-03-18 12:07:56 +01:00
Aaron Burchfield
4cb8216c49
docker compose command must be a list (#93)
2023-12-19 13:19:45 +01:00
Bolke de Bruin
6b32631434
Finalize rdp templating
2023-05-15 10:43:38 +02:00
tobsec
1ff38730d2
Upgrade Keycloak dependency (#60)
* Change ownership not working for key.pem
* Fix Keycloak not importing realm, default path of keycloak to /auth
* Set default path of keycloak to /auth
2022-11-17 10:43:59 +01:00
Bolke de Bruin
19e9e3269d
Fix auth function setup
2022-08-26 11:42:10 +02:00
Bolke de Bruin
c76de478e2
Fix openid
2022-08-26 11:27:11 +02:00
Bolke de Bruin
f94e73b1ec
Fix some issues with gateway addresses
2022-08-26 10:06:43 +02:00
Bolke de Bruin
50f6d343f1
Make docker image use scratch
2022-08-26 09:46:59 +02:00
Bolke de Bruin
6499f9b7a5
Remove config item that does not exist
2022-08-18 13:55:22 +02:00
Bolke de Bruin
40d9cdda57
Make config more docker friendly
2022-08-16 14:54:31 +02:00
Bolke de Bruin
bdd0155dbb
Switch to uppercase due to koanf
2022-08-11 14:43:30 +02:00
bolkedebruin
954ad4dc4c
Allow cookie in standard docker rdpgw config
2022-08-09 11:11:34 +02:00
Bolke de Bruin
bd876d2df8
Add xrdp config that works with macos client out of the box
2022-08-08 14:19:28 +02:00
Bolke de Bruin
dfb82889d3
Add error codes and better protocol handling
2022-08-07 12:03:44 +02:00
Bolke de Bruin
6917beb0d2
Testing
2022-08-06 11:45:48 +02:00
Azathoth88
281cf1283c
Update docker-compose.yml to fix typo (#39)
2022-04-04 11:55:40 +02:00
alphabet5
db9dfe3424
Add container names docker-compose files (#38)
2022-03-21 10:52:07 +01:00
Jelte van Woudenbergh
2a11a23586
fixed typos and add new line in last line
2022-02-04 15:40:28 +01:00
Jelte van Woudenbergh
45132813c2
Added root CA's
2022-01-05 11:44:54 +01:00
Jelte van Woudenbergh
2fcead680c
Multistage dockerfile.
Result image size from 750MB to 16MB
2022-01-05 10:36:29 +01:00
Bolke de Bruin
bd10329828
Add arm64 docker-build
2021-12-25 13:41:56 +01:00
Krzysztof Adamski
7f56569d42
fix docker build
2021-12-22 08:16:40 +01:00
Bolke de Bruin
8876b04466
Allow default domain
2020-08-31 21:40:29 +02:00
Alessandro Pilotti
c971db956b
Use go 1.14.7 in Dockerfile
2020-08-28 19:00:25 +02:00
Alessandro Pilotti
336cdfd3ee
Fix sample rdpgw.yaml
Rename tokenSigningKey to PAATokenSigningKey
2020-08-28 18:44:27 +02:00
Krzysztof Adamski
94acec7529
Add local docker test environment (#1)
* local docker test environment with keycloak and xrdp
Co-authored-by: Krzysztof Adamski <krzysztof.adamski@ing.com>
2020-07-28 08:49:58 +02:00