Configuring Kasm Services to Use a Forward Proxy
- Justin
If Kasm is deployed in an environment where the user of a forward proxy is required for internet access, it may be necessary to update the Kasm deployment to use said proxies.
For example, if there is a desire to load a Kasm Registry, the admin may see a similar failure.
Registry Error: A valid url needs to be entered
Registry Error: There was a problem importing a registryInstructions
Get the CIDR Subnet of the
kasm_default_network
sudo docker network inspect kasm_default_network | grep Subnet
"Subnet": "172.18.0.0/16",Open the
docker-compose.yamlfile in an editor
sudo nano /opt/kasm/current/docker/docker-compose.yamlFor the relevant services (e.g
kasm_api) addhttp_proxy,https_proxyandno_proxyenvironment variables.http_proxyandhttps_proxyshould include the address of the desired forward proxy.no_proxyshould include thekasm_default_networksubnet as well aslocalhost, `127.0.0.1` and the hostnames of the other services. If this is a multi-server install, this may also include any other network segments that should not be forwarded through the proxy. All values comma delimited
Save the file when done.
kasm_api:
container_name: kasm_api
user: "${KASM_UID?}:${KASM_GID?}"
image: "kasmweb/api:develop"
read_only: true
environment:
https_proxy: https://google.com
http_proxy: http://google.com
no_proxy: "172.18.0.0/16,localhost,127.0.0.1,proxy,kasm_agent,kasm_manager,kasm_guac"
networks:
- kasm_default_network
volumes:
- /opt/kasm/1.15.0:/opt/kasm/current
- /opt/kasm/1.15.0/tmp/api:/tmp
depends_on:
- db
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"Remove the modified service container (e.g
kasm_api) and restart the Kasm Services
sudo docker rm -f kasm_api
sudo /opt/kasm/bin/stop
sudo /opt/kasm/bin/startTroubleshooting
The following logs may be seen if the no_proxy header does not include all of the required addresses
The container’s local healthcheck fails causing the container to terminate and restart.
2023-12-05 17:46:24,419 [INFO] cherrypy.access.139959594436688: 172.18.0.9 - - [05/Dec/2023:17:46:24] "POST /api/get_usage_summary HTTP/1.1" 200 44 "https://192.168.56.107/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"
2023-12-05 17:46:24,420 [INFO] cherrypy.access.139959594436688: 172.18.0.9 - - [05/Dec/2023:17:46:24] "POST /api/get_client_settings HTTP/1.1" 200 1194 "https://192.168.56.107/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"
TerminatedVarious routines fail to make calls to other service containers
2023-12-05 17:49:57,314 [DEBUG] client_api_server: Requesting Hello for Server(5a10913f-1c32-47aa-99bd-218edc54e535) via URL: (https://proxy:443/agent/api/v1/hello/)
2023-12-05 17:49:57,334 [DEBUG] client_api_server: Error during Hello request for Server(5a10913f-1c32-47aa-99bd-218edc54e535) : (Traceback (most recent call last):
File "urllib/request.py", line 1354, in do_open
File "http/client.py", line 1256, in request
File "http/client.py", line 1302, in _send_request
File "http/client.py", line 1251, in endheaders
File "http/client.py", line 1011, in _send_output
File "http/client.py", line 951, in send
File "http/client.py", line 1418, in connect
File "http/client.py", line 927, in connect
File "http/client.py", line 901, in _tunnel
File "http/client.py", line 285, in _read_status
http.client.RemoteDisconnected: Remote end closed connection without response2023-12-05 17:49:57,314 [DEBUG] client_api_server: Requesting Hello for Server(5a10913f-1c32-47aa-99bd-218edc54e535) via URL: (https://proxy:443/agent/api/v1/hello/)
2023-12-05 17:49:57,334 [DEBUG] client_api_server: Error during Hello request for Server(5a10913f-1c32-47aa-99bd-218edc54e535) : (Traceback (most recent call last):
File "urllib/request.py", line 1354, in do_open
File "http/client.py", line 1256, in request
File "http/client.py", line 1302, in _send_request
File "http/client.py", line 1251, in endheaders
File "http/client.py", line 1011, in _send_output
File "http/client.py", line 951, in send
File "http/client.py", line 1418, in connect
File "http/client.py", line 927, in connect
File "http/client.py", line 901, in _tunnel
File "http/client.py", line 285, in _read_status
http.client.RemoteDisconnected: Remote end closed connection without responseRelated Resources