Running behind a reverse proxy
Run KasmVNC over HTTP first
Copy this code into
~/.vnc/kasmvnc.yaml:
network:
interface: 127.0.0.1
ssl:
require_ssl: false
udp:
public_ip: 127.0.0.1
Run
vncserver.Verify that KasmVNC is running over HTTP by navigating to http://localhost:8444.
Setting up a reverse proxy
Copy this configuration to /etc/nginx/sites-available/kasmvnc:
server {
listen 9443 ssl;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
location / {
# The following configurations must be configured when proxying to Kasm Workspaces
# WebSocket Support
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Host and X headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Connectivity Options
proxy_http_version 1.1;
proxy_read_timeout 1800s;
proxy_send_timeout 1800s;
proxy_connect_timeout 1800s;
proxy_buffering off;
# Allow large requests to support file uploads to sessions
client_max_body_size 10M;
# # Proxy to KasmVNC using SSL
proxy_pass https://127.0.0.1:8444;
# Proxy to KasmVNC without SSL
# proxy_pass http://127.0.0.1:8444;
}
}
Please note that default Debian snakeoil certificates are used. The
configured certificates work on Debian-based systems, but not on others. Please
see /etc/kasmvnc/kasmvnc.yaml for certificate locations on for non-Debian-based systems.
The locations are at pem_certificate and pem_key keys.
Enable the configuration with
ln -s /etc/nginx/sites-available/kasmvnc /etc/nginx/sites-enabled/.Restart nginx with
systemctl restart nginx.Navigate to https://localhost:8443/, username/password is
kasm_user/vncpassword.