Kasm
- 运维
- 2025-04-12
- 109热度
- 0评论
-
简介
-
Kasm Workspaces 提供对按需容器化桌面和应用程序的基于浏览器的访问
-
官方文档
https://www.kasmweb.com/docs/latest/index.html -
架构图
-
7.1 标准安装
-
操作如下
- 下载安装包
cd /tmp curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.16.0.a1d5b7.tar.gz tar -xf kasm_release_1.16.0.a1d5b7.tar.gz- 调整
install_dependencies.sh下载源
# 尽快你本机已经安装了docker-compose,但它还是会进行docker-compose的下载安装,下载地址是github国内容易超时 # kasm_release/install_dependencies.sh 添加加速地址 https://dl.hukanfa.cn 即可 100 curl -L https://dl.hukanfa.cn/https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/lib/ docker/cli-plugins/docker-compose- 执行安装脚本
# 这个过程会检查环境、拉取镜像、最后创建容器。默认访问端口映射为本地443端口,可使用 -L 参数指定映射端口 /bin/bash kasm_release/install.sh -L 8080- 完成安装后,将给出相关服务自动创建的账号密码等信息,如下所示
Kasm UI Login Credentials ------------------------------------ username: admin@kasm.local password: XloplcDRoE9UJ ------------------------------------ username: user@kasm.local password: m7WakJRdKTdjT ------------------------------------ Kasm Database Credentials ------------------------------------ username: kasmapp password: s48tVQSYM9LqbjKMQq8H ------------------------------------ Kasm Redis Credentials ------------------------------------ password: pbDTYUwrhDcCLPujdsGl ------------------------------------ Kasm Manager Token ------------------------------------ password: tr0J4MlX6YWVNxzFU1fK ------------------------------------ Service Registration Token ------------------------------------ password: U9hnNf0mubNJp4afWqpM ------------------------------------
7.2 访问配置
7.2.1 基本访问
-
操作如下
- 直接访问
https://192.168.26.21
- 直接访问
7.2.2 反向代理
-
说明
- 官方文档
https://kasmweb.com/docs/latest/how_to/reverse_proxy.html - 架构图
- 官方文档
-
操作如下
kasm.xxx.com.conf
server { listen 80; server_name kasm.xxx.com; rewrite ^(.*)$ https://$host$1 permanent; } server { listen 443 ssl; server_name kasm.xxx.com; ssl_certificate certs/xxx.com.crt; ssl_certificate_key certs/xxx.com.key; access_log logs/kasm_access.log qlmain; error_log logs/kasm_error.log error; location / { # The following configurations must be configured when proxying to Kasm Workspaces # WebSocket Support proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Host and X headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Connectivity Options proxy_http_version 1.1; proxy_read_timeout 1800s; proxy_send_timeout 1800s; proxy_connect_timeout 1800s; proxy_buffering off; # Allow large requests to support file uploads to sessions client_max_body_size 10M; # Proxy to Kasm Workspaces running locally on 8443 using ssl proxy_pass https://127.0.0.1:8088; } }- 调整默认域配置,路径
管理 -> 基础设施 -> 区域,将代理端口设置为 0
- 至此,就可以使用域名进行访问了
7.3 配置实践
7.3.1 发布应用
-
操作如下
- 路径
管理 -> 工作区 -> 注册表 - 注册表页签显示的内容表示应用可以从 Kasm 官方安装,也可以从第三方如 Linuxserver.io 或者 Twingate
- 可用工作区页签将显示注册表渠道发布可安装的应用列表,选定应用点击就安装即可
- 正在安装中的应用将在 已安装工作区 中显示 ,应用安装完成后就可以再工作区中直接使用,用完即可删除
- 路径
7.3.2 调整会话保留时长
-
操作如下
- 默认工作区创建的应用容器会话销毁时长为 1 小时,某些场景下如果想延长会话销毁,可以延长会话保留时间
- 路径
管理 -> 设置 -> 全局 -> 身份验证 -> 会话时间限制
7.3.3 权限配置
-
操作如下
- 配置普通管理员权限
7.3.4 调整端口
-
操作如下
- 界面访问的默认端口为443,初次部署没有指定其他端口或后续需要更换端口可以参考以下操作
- 停止并删除容器
# 停止容器 sudo /opt/kasm/current/bin/stop # 删除容器 export KASM_UID=$(id kasm -u) export KASM_GID=$(id kasm -g) sudo -E docker compose -f /opt/kasm/current/docker/docker-compose.yaml rm- 修改以下配置文件端口
# 路径: /opt/kasm/current 统一将下面8089端口替换即可 ./conf/nginx/orchestrator.conf:3: listen 8089 ssl; ./conf/app/agent.app.config.yaml:20: public_port: 8089 ./conf/app/agent.app.config.yaml:82: public_port: 8089 ./conf/app/kasmguac.app.config.yaml:6: server_port: 8089 ./conf/app/kasmguac.app.config.yaml:31: port: 8089 ./conf/app/passthrough.app.config.yaml:7: port: 8089 ./conf/app/passthrough.app.config.yaml:81: server_port: 8089 ./conf/app/rdp_https_gateway.app.config.yaml:16: port: 8089 ./conf/app/rdp_https_gateway.app.config.yaml:22: server_port: 8089 ./docker/.conf/docker-compose-agent.yaml:24: - "8089:8089" ./docker/.conf/docker-compose-all.yaml:185: - "8089:8089" ./docker/.conf/docker-compose-api.yaml:23: - "8089:8089" ./docker/.conf/docker-compose-app.yaml:38: - "8089:8089" ./docker/.conf/docker-compose-guac.yaml:66: - "8089:8089" ./docker/.conf/docker-compose-proxy.yaml:7: - "8089:8089" ./docker/docker-compose.yaml:185: - "8089:8089"- 创建并启动容器
# 启动容器 sudo /opt/kasm/current/bin/stop # 查看状态 docker ps- 访问
https://192.168.26.21:8089
7.4 卸载
-
操作如下
- 官方文档
https://kasmweb.com/docs/latest/install/uninstall.html - 停止服务
# 同样的,启动服务 /opt/kasm/current/bin/start sudo /opt/kasm/current/bin/stop- 删除kasm相关会话容器
# If there are no session containers to remove, you will get an error that “docker rm requires at least 1 argument”, which means that the command ran successfully sudo docker rm -f $(sudo docker container ls -qa --filter="label=kasm.kasmid")- 删除容器
export KASM_UID=$(id kasm -u) export KASM_GID=$(id kasm -g) sudo -E docker compose -f /opt/kasm/current/docker/docker-compose.yaml rm- 删除网络
sudo docker network rm kasm_default_network- 删除网络插件
plugin_name=$(sudo docker network inspect kasm_sidecar_network --format '{{.Driver}}') sudo docker network rm kasm_sidecar_network sudo docker plugin disable $plugin_name sudo docker plugin rm $plugin_name sudo rm -rf /var/log/kasm-sidecar sudo rm -rf /var/run/kasm-sidecar- 删除挂载卷
sudo docker volume rm kasm_db_1.16.0- 删除相关镜像
sudo docker rmi redis:5-alpine sudo docker rmi postgres:14-alpine sudo docker rmi kasmweb/nginx:latest sudo docker rmi kasmweb/share:1.16.0 sudo docker rmi kasmweb/agent:1.16.0 sudo docker rmi kasmweb/manager:1.16.0 sudo docker rmi kasmweb/api:1.16.0 sudo docker rmi $(sudo docker images --filter "label=com.kasmweb.image=true" -q)- 删除安装目录
sudo rm -rf /opt/kasm/- 删除用户
sudo deluser kasm_db sudo deluser kasm - 官方文档