Simplification Web-Gateway
@@ -7,9 +7,11 @@ HTML5 WebSocket-based gateway for accessing RDP connections through a web browse
|
||||
- 🌐 **Browser-Based Access** - Connect to RDP sessions from any modern web browser
|
||||
- 🔒 **Secure WebSocket** - Real-time bidirectional communication
|
||||
- 🎨 **Modern UI** - Clean, responsive interface
|
||||
- 🔑 **Session Management** - Automatic session cleanup and timeout
|
||||
- 📊 **Activity Monitoring** - Track active connections
|
||||
- 🔑 **Simplified Authentication** - Credentials passed directly to RdpBroker
|
||||
- 📊 **Service Health Monitoring** - Automatic RdpBroker availability checks
|
||||
- 🎯 **Dynamic Target Loading** - Targets fetched from configuration or RdpBroker
|
||||
- ⚡ **Low Latency** - Optimized for performance
|
||||
- ☁️ **Kubernetes Native** - Console-only logging for cloud environments
|
||||
|
||||
## Architecture
|
||||
|
||||
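Review bot: The "Secure WebSocket" bullet describes the channel only as "Real-time bidirectional communication", so the feature list never says what makes the socket secure, while the "Simplified Authentication" bullet in the same list says credentials are passed directly to RdpBroker. Suggest naming the transport requirement in the bullet itself (for example, that WSS is expected outside local development), since credentials pass through the gateway. Minor: 🔑 and 📊 are each used for two different bullets in this list.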
@@ -63,10 +65,23 @@ Edit `.env` file:
|
||||
PORT=8080
|
||||
RDP_BROKER_HOST=rdpbroker
|
||||
RDP_BROKER_PORT=3389
|
||||
LOG_LEVEL=info
|
||||
SESSION_TIMEOUT=3600000
|
||||
NODE_ENV=production
|
||||
|
||||
# Optional: Pre-configure RDP targets (JSON array)
|
||||
# If not set, RdpBroker will provide targets dynamically
|
||||
RDP_TARGETS=[{"name":"Server1","host":"srv1.example.com","port":3389,"description":"Production Server"}]
|
||||
```
|
||||
|
||||
### Environment Variables
|
||||
|
||||
| Variable | Description | Default |
|
||||
|----------|-------------|---------|
|
||||
| `PORT` | Web server listening port | `8080` |
|
||||
| `RDP_BROKER_HOST` | RdpBroker hostname | `rdpbroker` |
|
||||
| `RDP_BROKER_PORT` | RdpBroker port | `3389` |
|
||||
| `RDP_TARGETS` | JSON array of pre-configured targets | `null` |
|
||||
| `NODE_ENV` | Environment mode | `development` |
|
||||
|
||||
## Usage
|
||||
|
||||
### Access the Web Interface
|
||||
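Review bot: The Environment Variables table omits `LOG_LEVEL` and `SESSION_TIMEOUT`, both of which are set in the `.env` example directly above it. Add rows for them and state the unit of `SESSION_TIMEOUT=3600000`. The `RDP_TARGETS` row could also say what the gateway does when the value is not valid JSON, since the example is a single-line array that is easy to mistype.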
@@ -78,43 +93,55 @@ SESSION_TIMEOUT=3600000
|
||||
|
||||
### API Endpoints
|
||||
|
||||
#### POST /api/auth/login
|
||||
Authenticate user and create session.
|
||||
|
||||
```json
|
||||
{
|
||||
"username": "user@domain.com",
|
||||
"password": "password"
|
||||
}
|
||||
```
|
||||
#### GET /health
|
||||
Health check endpoint for monitoring the web gateway.
|
||||
|
||||
Response:
|
||||
```json
|
||||
{
|
||||
"success": true,
|
||||
"sessionId": "uuid"
|
||||
"status": "healthy",
|
||||
"version": "1.0.0",
|
||||
"uptime": 12345
|
||||
}
|
||||
```
|
||||
|
||||
#### GET /api/broker-status
|
||||
Check if RdpBroker service is available.
|
||||
|
||||
Response:
|
||||
```json
|
||||
{
|
||||
"available": true,
|
||||
"broker": "rdpbroker:3389",
|
||||
"timestamp": "2025-12-04T10:30:00.000Z"
|
||||
}
|
||||
```
|
||||
|
||||
#### GET /api/targets
|
||||
Get available RDP targets (requires X-Session-ID header).
|
||||
Fetch available RDP targets.
|
||||
|
||||
Response:
|
||||
**Success Response (200):**
|
||||
```json
|
||||
{
|
||||
"targets": [
|
||||
{
|
||||
"name": "Server 01",
|
||||
"host": "192.168.1.10",
|
||||
"name": "Windows Server 2022",
|
||||
"host": "ws2022.example.com",
|
||||
"port": 3389,
|
||||
"description": "Production Server"
|
||||
"description": "Production Windows Server"
|
||||
}
|
||||
]
|
||||
],
|
||||
"timestamp": "2025-12-04T10:30:00.000Z"
|
||||
}
|
||||
```
|
||||
|
||||
#### POST /api/auth/logout
|
||||
Logout and destroy session (requires X-Session-ID header).
|
||||
**Service Unavailable (503):**
|
||||
```json
|
||||
{
|
||||
"error": "RdpBroker service is unavailable. Please contact your administrator.",
|
||||
"timestamp": "2025-12-04T10:30:00.000Z"
|
||||
}
|
||||
```
|
||||
|
||||
### WebSocket Protocol
|
||||
|
||||
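Review bot: Under `GET /api/targets` the description appears both as "Get available RDP targets (requires X-Session-ID header)" and as "Fetch available RDP targets.", and the README should say explicitly which applies. If the `X-Session-ID` requirement is being dropped, state that the endpoint is unauthenticated, because the documented response lists each target's `host` and `port`, and `GET /api/broker-status` similarly returns `"broker": "rdpbroker:3389"`. Also document which status codes `/api/targets` returns besides 200 and 503.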
@@ -126,7 +153,8 @@ Connect to `ws://localhost:8080/ws/rdp`
|
||||
```json
|
||||
{
|
||||
"type": "connect",
|
||||
"sessionId": "uuid",
|
||||
"username": "user@domain.com",
|
||||
"password": "password123",
|
||||
"target": {
|
||||
"name": "Server 01",
|
||||
"host": "192.168.1.10",
|
||||
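Review bot: The connect message carries `"password"` in the JSON body, while the hunk header context documents the endpoint as `ws://localhost:8080/ws/rdp`. Suggest showing the `wss://` form next to it, or marking the `ws://` URL as local development only, so the example does not read as an instruction to send credentials over a cleartext socket. The example also includes `"sessionId"` alongside `"username"` and `"password"`; say which of these fields are required.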
@@ -209,20 +237,21 @@ helm install rdp-web-gateway ./chart/rdp-web-gateway -n rdpbroker
|
||||
- Firefox 88+
|
||||
- Safari 14+
|
||||
- Opera 76+
|
||||
|
||||
## Security Considerations
|
||||
|
||||
- Use HTTPS/WSS in production
|
||||
- Implement rate limiting
|
||||
- Set strong session secrets
|
||||
- Credentials are passed directly to RdpBroker (no storage in web-gateway)
|
||||
- Implement rate limiting at ingress level
|
||||
- Enable CORS restrictions
|
||||
- Regular security audits
|
||||
|
||||
- All authentication handled by RdpBroker → Samba ADs
|
||||
- Regular security audits
|
||||
## Performance Tuning
|
||||
|
||||
- Adjust session timeout based on usage
|
||||
- Configure WebSocket buffer sizes
|
||||
- Enable compression for HTTP responses
|
||||
- Use CDN for static assets in production
|
||||
- Enable HTTP compression (already included)
|
||||
- Adjust resource limits in Kubernetes
|
||||
- Use CDN for static assets in production
|
||||
|
||||
## Troubleshooting
|
||||
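Review bot: "Credentials are passed directly to RdpBroker (no storage in web-gateway)" needs to be scoped: say whether the gateway holds the credentials in memory for the life of the session or only for the initial hand-off, and whether the gateway-to-RdpBroker hop is encrypted. "Samba ADs" in "All authentication handled by RdpBroker → Samba ADs" looks like a typo for "Samba AD". "Regular security audits" and "Use CDN for static assets in production" each appear twice in this region; check that the resulting lists contain each item once.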
@@ -253,9 +282,21 @@ location /ws/ {
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
```
|
||||
|
||||
### High memory usage
|
||||
|
||||
Adjust resource limits in Kubernetes values.yaml
|
||||
|
||||
## Logging
|
||||
|
||||
All logs go to stdout/stderr for Kubernetes:
|
||||
|
||||
```bash
|
||||
# View logs
|
||||
kubectl logs -f deployment/rdp-web-gateway -n rdpbroker
|
||||
|
||||
# Follow logs for all pods
|
||||
kubectl logs -f -l app=rdp-web-gateway -n rdpbroker
|
||||
```
|
||||
Reduce session timeout or implement session limits per user.
|
||||
|
||||
## Development
|
||||
|
||||
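Review bot: "Reduce session timeout or implement session limits per user." sits after the closing fence of the Logging code block, where it reads as part of the Logging section; if it is kept, it belongs under "### High memory usage" next to "Adjust resource limits in Kubernetes values.yaml". The Logging section should also state that credential fields from the connect message are never written to stdout/stderr at any `LOG_LEVEL`, since all logs are collected with `kubectl logs`.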