search

linuxserver / docker-kasm

Kasm Workspaces platform provides enterprise-class orchestration, data loss prevention, and web streaming technology to enable the delivery of containerized workloads to your browser.
GNU General Public License v3.0
299 stars 28 forks source link

[BUG] 'Lossless' Unavailable through Reverse Proxy #36

Closed zimmra closed 1 year ago

zimmra commented 1 year ago

Is there an existing issue for this?

Current Behavior

Under Streaming Quality I am able to enable lossless when accessing the workspace image

But when trying to access through reverse proxy (nginx proxy manager, in my case) I am unable to access the option image

I have tried this with the container set to bridge networking, as well as host networking, on my server and the result is the same

Steps To Reproduce

  1. Install linuxserver/docker-kasm, and finish setup process
  2. Setup reverse proxy configuration on host machine
    • Be sure to include the following in the config, per Kasm: 
      • add_header 'Cross-Origin-Embedder-Policy' 'require-corp';
add_header 'Cross-Origin-Opener-Policy' 'same-origin';
add_header 'Cross-Origin-Resource-Policy' 'same-site';
  3. Set Proxy Port to 0 in Admin>Infrastructure>Zones>Proxy Connections
  4. Access container via Reverse Proxy URL
  5. Attempt to set container Streaming Quality to Lossless

Environment

- OS: Ubuntu 22.04
- How docker service was installed: directly from Docker (not from apt)

CPU architecture

x86-64

Docker creation

---
version: "2.1"
services:
  kasm:
    image: lscr.io/linuxserver/kasm:latest
    container_name: kasm
    network_mode: host
    privileged: true
    environment:
      - KASM_PORT=4435
      - DOCKER_MTU=1500 #optional
    volumes:
      - /dockercfg/kasm/config:/opt
      - /dockercfg/kasm/profiles:/profiles #optional
      - /dockercfg/kasm/volumes:/volumes
      - /dev/input:/dev/input #optional
      - /run/udev/data:/run/udev/data #optional
    ports:
      - 3065:3000 # vestigial from bridge mode
      - 4435:4435 # vestigial from bridge mode
    restart: unless-stopped

Container logs

Logs do not indicate streaming mode, and do not indicate any errors

github-actions[bot] commented 1 year ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

aptalca commented 1 year ago

Iirc lossless requires the use of the internal 3001 (https) port

zimmra commented 1 year ago

Iirc lossless requires the use of the internal 3001 (https) port

I will give it a try later, but if that's the case then why does it work when going direct to the IP (which is where my first screenshot came from) which is https://192.168.2.2:4435 from a remote machine (not directly on the host)

When I test, should I be using 3001 for KASM_PORT in place of 443 in the port mapping?

zimmra commented 1 year ago

@aptalca had an opportunity to test sooner than I though

Entirely new Kasm setup, with KASM_PORT set to 3001 and the option still isn't present when accessing through the reverse proxy

---
version: "2.1"
services:
  kasm2:
    image: lscr.io/linuxserver/kasm:latest
    container_name: kasm2
    privileged: true
    environment:
      - KASM_PORT=3001
    volumes:
      - /dockercfg/kasm2/config:/opt
      - /dockercfg/kasm2/profiles:/profiles #optional
      - /dockercfg/kasm2/volumes:/volumes
      - /dev/input:/dev/input #optional
      - /run/udev/data:/run/udev/data #optional
    ports:
      - 3066:3000
      - 3001:3001
    restart: unless-stopped

Direct to IP (https://192.168.2.2:3001)

image

Through Reverse Proxy

image

NPM Custom Config

image

aptalca commented 1 year ago

What address are you putting in the browser to access?

zimmra commented 1 year ago

What address are you putting in the browser to access?

It works going direct to my docker host's IP with the port defined in KASM_PORT, https://192.168.2.2:4435 (as well as https://192.168.2.2:3001 on this second 'test' setup I spun up) (github automatically removes https from preview, but they're both https) It does not work going through my reverse proxy, https://kasm.[MYFQDN].io

aptalca commented 1 year ago

As detailed in the readme, the outside port needs to match the internal port

Either you set the internal port to 443 and access at https://kasm.[myfqdn].io or you set it to 4435 and access it at https://kasm.[myfqdn].io:4435

zimmra commented 1 year ago

As detailed in the readme, the outside port needs to match the internal port

My setup followed the readme instructions exactly....

Unlike other containers the web interface port (default 443) needs to be set for the env variable KASM_PORT and both the inside and outside port IE for 4443 KASM_PORT=4443 -p 4443:4443

my KASM_PORT, externally mapped port, and container internal port were all set to be the same (normally I would leave the interal port as default and remap to a different one on the host) - it doesn't mention that the reverse proxy port also needs to match this

So with your current suggestion, setup now I setup an additional IP address so that now I have KASM_PORT set to 443, as well as the ports mapped to 443:443 and still the same result.

Docker Compose

---
version: "2.1"
services:
  kasm2:
    image: lscr.io/linuxserver/kasm:latest
    container_name: kasm2
    privileged: true
    environment:
      - KASM_PORT=443
      - DOCKER_MTU=1500 #optional
    volumes:
      - /dockercfg/kasm2/config:/opt
      - /dockercfg/kasm2/profiles:/profiles #optional
      - /dockercfg/kasm2/volumes:/volumes
      - /dev/input:/dev/input #optional
      - /run/udev/data:/run/udev/data #optional
    ports:
      - "192.168.2.16:3066:3000"
      - "192.168.2.16:443:443"
    restart: unless-stopped

Connecting to IP (https://192.168.2.16)

image

Logs inside container within kasm when this is accessed via https://192.168.2.16:443

Connecting through reverse proxy

image

Logs inside container within kasm when this is accessed via https://192.168.2.16:443 https://[redacted].io:443

zimmra commented 1 year ago

Logs inside container within kasm when this is accessed via https://192.168.2.16:443

I made an error in my description here, these were actually the logs when accessed via my FQDN, I have since fixed this

zimmra commented 1 year ago

I resolved this by disabling HTTP/2 in Nginx Proxy Manager, lossless works through reverse proxy now