Nginx 后面的 KASM 独立服务无法访问：Websocket 错误或无效的 HTTP 版本

KASM 拥有他们在“工作空间”中使用的 GUI 服务的 Docker 映像。我只对其中之一感兴趣：Desktop，但我认为它们的功能都或多或少相同。我制作了这个 Docker Compose 来尝试启动它：

services:
  kasmweb:
    image: kasmweb/desktop:1.15.0-rolling-weekly
    container_name: kasmweb
    ports:
        - 6901:6901
    stdin_open: true
    tty: true
    shm_size: '2gb'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    devices:
      - /dev/dri:/dev/dri
    env_file: /dockerfiles/kasmweb.env
    networks:
      - public

networks:
  public:
    external: true

它运行时确实会出现与处于独立状态且未连接到 KASM 工作区相关的错误。他们在文档中提到的一个环境变量是

VNC_PW=password

，我假设它又用于基本 HTTP 身份验证。默认值未更改：

User : kasm_user
Password: password

转到 https://server-host:6901 将使您在浏览器中进入桌面 GUI，并且它将顺利工作：

因为我想保护我的服务，所以我禁用了端口，因此只能通过 NPM 访问服务并为代理主机启用 Websockets。您将再次进入 HTTP 身份验证，但即使使用正确的凭据，它也会出错：

 2024-10-17 10:41:04,174 [INFO] websocket 8: got client connection from 172.19.0.15
 2024-10-17 10:41:04,186 [DEBUG] websocket 8: using SSL socket
 2024-10-17 10:41:04,195 [DEBUG] websocket 8: X-Forwarded-For ip '192.168.20.59'
 2024-10-17 10:41:04,195 [INFO] websocket 8: Authentication attempt failed, BasicAuth required, but client didn't send any
 2024-10-17 10:41:04,195 [INFO] websocket 8: 172.19.0.15 192.168.20.59 - "GET / HTTP/1.1" 401 158
 2024-10-17 10:41:04,195 [DEBUG] websocket 8: No connection after handshake
 2024-10-17 10:41:04,195 [DEBUG] websocket 8: handler exit

由于某种原因，NPM 没有将凭证转发到 KASM 主机。所以我将其添加到 NPM 自定义配置中：

location / {
    proxy_pass https://kasmweb:6901;
    proxy_set_header Authorization "Basic a2FzbV91c2VyOnBhc3N3b3Jk";
    proxy_pass_header Authorization;
}

KASM容器上的错误如下：

 2024-10-17 13:44:45,623 [INFO] websocket 56: got client connection from 172.19.0.15
 2024-10-17 13:44:45,634 [DEBUG] websocket 56: using SSL socket
 2024-10-17 13:44:45,634 [DEBUG] websocket 56: X-Forwarded-For ip '192.168.20.59'
 2024-10-17 13:44:45,639 [DEBUG] websocket 56: BasicAuth matched
 2024-10-17 13:44:45,639 [DEBUG] websocket 56: Invalid WS request, maybe a HTTP one
 2024-10-17 13:44:45,639 [DEBUG] websocket 56: Requested file '/index.html'
 2024-10-17 13:44:45,640 [INFO] websocket 56: 172.19.0.15 192.168.20.59 kasm_user "GET /index.html HTTP/1.1" 200 24135
 2024-10-17 13:44:45,640 [DEBUG] websocket 56: No connection after handshake
 2024-10-17 13:44:45,640 [DEBUG] websocket 56: handler exit

因此身份验证正在工作，但 Websockets 仍然无法工作。 NPM 中启用了 Websockets 功能。另外，我确实尝试了以下方法，但出现了相同的错误：

location / {
    proxy_pass https://kasmweb:6901;
    proxy_set_header Authorization "Basic a2FzbV91c2VyOnBhc3N3b3Jk";
    proxy_pass_header Authorization;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
}

我的目标是使用 Authentik 反向代理身份验证作为沙箱来运行 Linux 桌面 Web GUI。

如何解决此 WS 错误并使用 NPM 访问 KASM 服务？

location / {
    proxy_pass https://kasmweb:6901;
    proxy_set_header Authorization "Basic a2FzbV91c2VyOnBhc3N3b3Jk";
    proxy_pass_header Authorization;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
}