SupraRBI-HTTPS is a Remote Browser Isolation (RBI) solution with web/https front end, based on guacamole-server and SupraRBI-VNC with docker.
SupraRBI-HTTPS provides a web portal for direct user access and an API for integration with network/security solutions (e.g. gateway, proxy).
sudo docker compose up -d
SupraRBI-HTTPS Web Portal lists all resources provided by the administration, organized by groups. When a user accesses SupraRBI-HTTPS Web Portal with a browser, each time she clicks the icon of a resource, a corresponding RBI session will be presented in a new tab.
Each time the SupraRBI-HTTPS server gets a valid RBI request, it will respond with Status Code 302 and a URL for the corresponding RBI session. End users can access the RBI seesion from a browser with the URL.
Please check API specification for detailed info.
SupraRBI-HTTPS is built with Service-Oriented Architecture (SOA) on docker, with mounts to the host for persistant storage (cofigurations, logs, icons.) and cross-service sharing (temp files for user uploads).
- Tmp, /opt/supra/rbi/data/temp/: temp files for user uploads
- Logs, /opt/supra/rbi/logs/: log files
- Certificate, /opt/supra/rbi/cert: certificate(tls.cert) and key(tls.key) for HTTPS. If not provided, a self-signed certificate and key will be automatically generated.
- Configs, /opt/supra/rbi/conf/: configuration files
-
Token, token.json: list of strings as valid tokens. Each API request for a RBI seesion MUST have a valid token.
-
Policy, policy/: file name as policy name (*.json), defining the policy to enforce for corresponding RBI sessions with key-value pairs as the value of key "rule".
- keyboard: whether the user is allowed to input with keyboard, 1 for allowed, 0 for not allowed. Default value is 0 if not set.
- mouse: whether the user is allowed to input with mouse, 1 for allowed, 0 for not allowed. Default value is 0 if not set.
- download: whether the user is allowed to download files, 1 for allowed, 0 for not allowed. Default value is 0 if not set.
- upload: whether the user is allowed to upload files, 1 for allowed, 0 for not allowed. Default value is 0 if not set.
- copy: whether the user is allowed to copy into the RBI seesion, 1 for allowed, 0 for not allowed. Default value is 0 if not set.
- paste: whether the user is allowed to paste out from the RBI session, 1 for allowed, 0 for not allowed. Default value is 0 if not set.
- idleTime: number of minutes to terminate the RBI session if the user stays idle and does not have any activity, default value is 15 if not set.
Note: Each resource in resource.json or each API request for a RBI seesion SHOULD specify the name of a policy to be enforced, If not specified, the default policy defined by default.json will be applied.
-
Resource, resource.json: list of resources in Web Portal.
- name: resource name presented in Web Portal, no default value.
- url: target url with the resource, no default value.
- icon: name of the icon file, no default value.
- group: name of the group that the resource is organized in Web Portal, default value is "Default" if not set.
- policy: name of the policy applied to RBI sessions for this resource, default value is "default" if not set.
- autofill: key-value pairs for autofill with projector-supra-web, no default value and blank if not set.
-
license, license.json: license file for projector-supra-web when used.
-
Autofill, autofill/: file name as site name (*.json) for autofill with projector-supra-web, please check Autofill with SupraRBI-VNC for detailed info.
-
Guacd, guacd_settings.conf: optional file with default settings for guacd, please check VNC Settings for Guacamole for detailed info.
-
- Icons, /opt/supra/rbi/icons/: icon files for resources in Web Portal, specified in resource.json for each resource.
- rbi-portal: web/https front end with Nginx.
- rbi-admin: app server with Java.
- resc-agent: guacamole-server for VNC connections to SupraRBI-VNC server.
Note: the official guacamole/guacd image has an issue with auto resize, and it is recommanded to use supraaxes/supra-guacd image customized by SupraAXES Inc. before the issue is officially fixed. - vnc-rbi: SupraRBI-VNC server.
- projector-chrome: open-source projector image with Chrome in kiosk mode.
- projector-supra-web: customized projector image from SupraAXES Inc.