linuxserver / docker-kasm

Kasm Workspaces platform provides enterprise-class orchestration, data loss prevention, and web streaming technology to enable the delivery of containerized workloads to your browser.
GNU General Public License v3.0

[BUG] Can't access containers when behind Caddy reverse proxy #34

Closed megacorvega closed 1 year ago

megacorvega commented 1 year ago

Is there an existing issue for this?

REF: #27

Current Behavior

When running kasm behind a caddy reverse proxy (using the non-standard 443 port), the containers become stuck on "Creating a secure connection..."

Expected Behavior

I have tested that the containers load and operate as intended if I use the FQDN of the host machine (e.g. https://fqdn:4443), and not the proxied address.

Steps To Reproduce

Here is my caddy entry:

kasm.{$MY_DOMAIN} {
        reverse_proxy monolith.lan:4443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
        tls {
                dns cloudflare {env.CLOUDFLARE_API_TOKEN}
                resolvers 1.1.1.1
        }
}

Also to note, the web browser F12 output shows:

Firefox can’t establish a connection to the server at wss://kasm.<domain>.com:4443/desktop/e052a7c5-f250-45d8-837a-1ef835f8b60c/audio/.

This is repeated as it attempts to connect.

Environment

- OS: Pop!_OS 22.04
- How docker service was installed: installed using the apt repository

CPU architecture

x86-64

Docker creation

Command used:

docker compose up -d
$ cat docker-compose.yml
---
version: "2.1"
services:
  kasm:
    image: lscr.io/linuxserver/kasm:latest
    container_name: kasm
    privileged: true
    environment:
      - KASM_PORT=4443
      - DOCKER_HUB_USERNAME=<user> # redacted for this github issue
      - DOCKER_HUB_PASSWORD=<password> # redacted for this github issue
      - DOCKER_MTU=1500 #optional
    volumes:
      - /home/dd/nvme/kasm/opt:/opt
      - /home/dd/nvme/kasm/profiles:/profiles #optional
#      - /dev/input:/dev/input #optional, for gamepads
#      - /run/udev/data:/run/udev/data #optional, for gamepads
    ports:
      - 3000:3000
      - 4443:4443
    restart: unless-stopped

Container logs

kasm  | [migrations] started
kasm  | [migrations] no migrations found
kasm  | usermod: no changes
kasm  | ───────────────────────────────────────
kasm  | GID/UID
kasm  | ───────────────────────────────────────
kasm  |
kasm  |
kasm  | User UID:    911
kasm  | User GID:    911
kasm  | ───────────────────────────────────────
kasm  |
kasm  |
kasm  | WARNING! Using --password via the CLI is insecure. Use --password-stdin.
kasm  | Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or password
kasm  | [custom-init] No custom files found, skipping...
kasm  | [ls.io-init] done.

github-actions[bot] commented 1 year ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

j0nnymoe commented 1 year ago

You need to configure caddy to handle web sockets.

megacorvega commented 1 year ago

I'm having some trouble with that as well. I've added this to my Caddyfile entry:

kasm.{$MY_DOMAIN} {
    @websockets {
        header Connection *Upgrade*
        header Upgrade websocket
    }
    reverse_proxy @websockets monolith.lan:4443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
        resolvers 1.1.1.1
    }
}

But now I'm getting a blank page on the site. I'm sure I just don't understand how to apply the right headers. I'm trying to figure out how to redefine the host so as not to include the 4443 port number at the end. I'll update here if I can figure it out.

EDIT: I've asked in the caddy forums, and apparently my initial configuration should handle websockets. Still looking into it.

megacorvega commented 1 year ago

Well, the answer was in the issue that I referenced... Just gotta learn to read I guess.

https://www.kasmweb.com/docs/latest/how_to/reverse_proxy.html#update-zones
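
The symptom reported in this thread, as an added diagnostic example (not code from the issue, Caddy or Kasm): the browser console shows a `wss://` URL on port 4443 of the proxied hostname, while a Caddy site address without a port is served on 443. The script below compares a Caddyfile with console lines and flags that mismatch; the hostname `kasm.example.com`, the session UUID and the function names are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs modelled on the issue (hostname and UUID are placeholders).
CADDYFILE = """\
kasm.example.com {
    reverse_proxy monolith.lan:4443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
"""
CONSOLE = ["Firefox can't establish a connection to the server at "
           "wss://kasm.example.com:4443/desktop/00000000-0000-0000-0000-000000000000/audio/."]

def parse_sites(caddyfile):
    """Return {site_host: (public_port, {upstream_ports})} for top-level site blocks."""
    sites, depth, host = {}, 0, None
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0 and line.endswith("{") and line != "{":
            addr = line[:-1].strip()
            u = urlsplit(addr if "://" in addr else "https://" + addr)
            host = u.hostname
            sites[host] = (u.port or (80 if u.scheme == "http" else 443), set())
        elif depth > 0 and host and line.startswith("reverse_proxy"):
            for tok in line.split()[1:]:
                m = re.search(r":(\d+)$", tok)  # upstream written as host:port
                if m:
                    sites[host][1].add(int(m.group(1)))
        depth += line.count("{") - line.count("}")
    return sites

def find_port_mismatches(caddyfile, console_lines):
    """Flag ws/wss URLs that target a proxied host on a port Caddy does not serve."""
    sites, findings = parse_sites(caddyfile), []
    for text in console_lines:
        for url in re.findall(r"wss?://[^\s\"']+", text):
            u = urlsplit(url)
            if u.hostname not in sites:
                continue
            public, upstreams = sites[u.hostname]
            port = u.port or (443 if u.scheme == "wss" else 80)
            if port != public:
                findings.append({"host": u.hostname, "requested": port, "public": public,
                                 "is_upstream_port": port in upstreams})
    return findings

if __name__ == "__main__":
    for f in find_port_mismatches(CADDYFILE, CONSOLE):
        print(f)
```

A finding with `is_upstream_port` set to true points at the application advertising its backend port to the browser rather than at the proxy's WebSocket handling, which matches where the reporter found the fix (the zones section of the linked Kasm reverse proxy documentation).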