KASM 拥有他们在“工作空间”中使用的 GUI 服务的 Docker 映像。我只对其中之一感兴趣:Desktop,但我认为它们的功能都或多或少相同。我制作了这个 Docker Compose 来尝试启动它:
services:
kasmweb:
image: kasmweb/desktop:1.15.0-rolling-weekly
container_name: kasmweb
ports:
- 6901:6901
stdin_open: true
tty: true
shm_size: '2gb'
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
devices:
- /dev/dri:/dev/dri
env_file: /dockerfiles/kasmweb.env
networks:
- public
networks:
public:
external: true
它运行时确实会出现与处于独立状态且未连接到 KASM 工作区相关的错误。他们在文档中提到的一个环境变量是
VNC_PW=password
,我假设它又用于基本 HTTP 身份验证。默认值未更改:
User : kasm_user
Password: password
转到 https://server-host:6901 将使您在浏览器中进入桌面 GUI,并且它将顺利工作:
因为我想保护我的服务,所以我禁用了端口,因此只能通过 NPM 访问服务并为代理主机启用 Websockets。您将再次进入 HTTP 身份验证,但即使使用正确的凭据,它也会出错:
2024-10-17 10:41:04,174 [INFO] websocket 8: got client connection from 172.19.0.15
2024-10-17 10:41:04,186 [DEBUG] websocket 8: using SSL socket
2024-10-17 10:41:04,195 [DEBUG] websocket 8: X-Forwarded-For ip '192.168.20.59'
2024-10-17 10:41:04,195 [INFO] websocket 8: Authentication attempt failed, BasicAuth required, but client didn't send any
2024-10-17 10:41:04,195 [INFO] websocket 8: 172.19.0.15 192.168.20.59 - "GET / HTTP/1.1" 401 158
2024-10-17 10:41:04,195 [DEBUG] websocket 8: No connection after handshake
2024-10-17 10:41:04,195 [DEBUG] websocket 8: handler exit
由于某种原因,NPM 没有将凭证转发到 KASM 主机。所以我将其添加到 NPM 自定义配置中:
location / {
proxy_pass https://kasmweb:6901;
proxy_set_header Authorization "Basic a2FzbV91c2VyOnBhc3N3b3Jk";
proxy_pass_header Authorization;
}
KASM容器上的错误如下:
2024-10-17 13:44:45,623 [INFO] websocket 56: got client connection from 172.19.0.15
2024-10-17 13:44:45,634 [DEBUG] websocket 56: using SSL socket
2024-10-17 13:44:45,634 [DEBUG] websocket 56: X-Forwarded-For ip '192.168.20.59'
2024-10-17 13:44:45,639 [DEBUG] websocket 56: BasicAuth matched
2024-10-17 13:44:45,639 [DEBUG] websocket 56: Invalid WS request, maybe a HTTP one
2024-10-17 13:44:45,639 [DEBUG] websocket 56: Requested file '/index.html'
2024-10-17 13:44:45,640 [INFO] websocket 56: 172.19.0.15 192.168.20.59 kasm_user "GET /index.html HTTP/1.1" 200 24135
2024-10-17 13:44:45,640 [DEBUG] websocket 56: No connection after handshake
2024-10-17 13:44:45,640 [DEBUG] websocket 56: handler exit
因此身份验证正在工作,但 Websockets 仍然无法工作。 NPM 中启用了 Websockets 功能。另外,我确实尝试了以下方法,但出现了相同的错误:
location / {
proxy_pass https://kasmweb:6901;
proxy_set_header Authorization "Basic a2FzbV91c2VyOnBhc3N3b3Jk";
proxy_pass_header Authorization;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
}
我的目标是使用 Authentik 反向代理身份验证作为沙箱来运行 Linux 桌面 Web GUI。
如何解决此 WS 错误并使用 NPM 访问 KASM 服务?
location / {
proxy_pass https://kasmweb:6901;
proxy_set_header Authorization "Basic a2FzbV91c2VyOnBhc3N3b3Jk";
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
感谢此讨论,这对 Nginx 代理管理器有效,并且可以立即连接。 将其包含在 authentik 配置中会破坏它