Before this environment can be run, some manual configuration steps should be done.
Create a RSA key an save as server/rsa_key file. This key will be used to cypher all sensible settings, so store it in a safe place. If you loose this file you must recreate all the secrets. For example:
ssh-keygen -t rsa -m pem -b 2048 -f server/rsa_key
chmod 600 server/rsa_key
This docker compose environment uses Caddy to manage HTTP/HTTPS access and SSL certificates. In order to setup
a valid certificate chain, you should copy caddy/Caddyfile.template file to caddy/Caddyfile and change DOMAIN_NAME with a full qualified domain
name pointing to the public ip running the environment.
If Caddy detects a fqdn it will try to create a valid SSL certificate, if it detects a local/internal ip it will create self signeg certicates (https://caddyserver.com/docs/automatic-https)
In order to comunicate with uds broker the guacamole and uds tunnel server must have a valid token. This token can be any hash under 48 characters. Generate this chain with any tool you want. In python you can use:
import hashlib
import secrets
hashlib.sha256(secrets.token_bytes(32)).hexdigest()[:48]
Go to the cloned directory and run
docker compose up -d
Open a shell in the udsbroker service (docker exec -it dockercompose_udsbroker_1 bash) and run
python manage.py migrate
python manage.py collectstatic
Open a shell in the udsbroker service and run
python manage.py shell
>>> import datetime
>>> from uds.models.tunnel_token import TunnelToken
>>> token=YOUR_GENERATED_TOKEN
>>> tunnel=YOUR_DOCKER_COMPOSE_SERVER_IP
>>> TunnelToken.objects.create(ip=tunnel, token=token,stamp=datetime.datetime.now())
Edit guacamoletunnel/guacamole.properties and uds-tunnel/udstunnel.conf files to replace GENERATED_TOKEN literal with the created token.
UDS uses dedicated clients to provide RDP connections. The easiest way to get those clients is openning an account in UDSenterprise.com and download from there.
Once dowloaded save in dockecompose/clients folder.