From 8e3cde9d7c38d5e8c8e729fce7cb5a15eee80db8 Mon Sep 17 00:00:00 2001 From: jazzymc Date: Tue, 5 May 2026 17:38:17 +0000 Subject: [PATCH] docs: add Kasm Workspaces service and fix changelog Document Kasm DinD architecture, Traefik integration, and the proxy_port/frameDeny fixes that resolved session connection failures. Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/03-SERVICES-OTHER.md | 23 +++++++++++++++++++++++ docs/CHANGELOG.md | 10 ++++++++++ 2 files changed, 33 insertions(+) diff --git a/docs/03-SERVICES-OTHER.md b/docs/03-SERVICES-OTHER.md index a1ec78e..daf013c 100644 --- a/docs/03-SERVICES-OTHER.md +++ b/docs/03-SERVICES-OTHER.md @@ -243,6 +243,29 @@ Non-critical services that enhance functionality but don't affect core network o ## Remote Access +### Kasm Workspaces (Browser Isolation) + +| Component | IP | URL | +|-----------|-----|-----| +| kasm (DinD host) | 172.18.0.66 | https://kasm.xtrm-lab.org | +| kasm_proxy | 172.19.0.8 (internal) | - | +| kasm_api | 172.19.0.7 (internal) | - | +| kasm_manager | 172.19.0.6 (internal) | - | +| kasm_agent | 172.19.0.2 (internal) | - | +| kasm_db | 172.19.0.3 (internal) | - | +| kasm_guac | 172.19.0.9 (internal) | - | + +**Version:** 1.18.1 +**Architecture:** Docker-in-Docker (runs its own Docker daemon with internal containers) +**Network:** dockerproxy (outer), kasm_default_network 172.19.0.0/16 (inner) +**Ports:** 3000 (web UI), 6333 (proxy/sessions) +**Data:** `/mnt/user/appdata/kasm/` + +**Traefik Integration:** +- Uses `kasm-headers` middleware (no `frameDeny` — Kasm requires iframes) +- Service backend: `https://172.18.0.66:6333` with `insecure-skip-verify` +- Zone config: `proxy_port=443`, `proxy_hostname=$request_host$` (routes sessions through Traefik) + ### RustDesk | Component | Ports | diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index b79e276..cb41594 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
@@ -2,6 +2,16 @@ **Purpose:** Major infrastructure events only. Minor changes are in git commit messages. +--- +## 2026-05-05 + +### Kasm Workspaces Fix +- **[KASM]** Fixed session connection failure when accessing via Traefik reverse proxy +- **[KASM]** Changed zone `proxy_port` from 6333 to 443 in kasm_db — browser WebSocket now routes through Traefik instead of trying unreachable port 6333 +- **[TRAEFIK]** Added `kasm-headers` middleware (same as `default-headers` but without `frameDeny`) — Kasm uses iframes for session rendering +- **[TRAEFIK]** Updated kasm-secure router to use `kasm-headers` middleware +- **[DOCS]** Added Kasm Workspaces to 03-SERVICES-OTHER.md + --- ## 2026-03-12
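Review bot: In the "Traefik Integration" list added to docs/03-SERVICES-OTHER.md, the `kasm-headers` bullet and the `insecure-skip-verify` bullet each record a relaxed control without saying what bounds it. For `kasm-headers`, state whether framing is still limited to the same origin or is left unrestricted now that `frameDeny` is dropped, and that the middleware is attached only to the Kasm router. For the `https://172.18.0.66:6333` backend, state that certificate verification is skipped only on the Traefik-to-Kasm hop and give the reason, so a reader does not copy the setting to other services. The "Ports" line would also benefit from saying whether 3000 and 6333 are published on the host or reachable only on the `dockerproxy` network, since the zone config now sends sessions through 443.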
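Review bot: The `proxy_port` entry in the 2026-05-05 block of docs/CHANGELOG.md says the value was changed "in kasm_db" but not how, so the fix cannot be reapplied from the docs alone. Record whether the change was made through the Kasm admin zone settings or by editing the database directly, and whether it has to be redone after an upgrade or reinstall of the DinD container. The `kasm-headers` entry should also say that removing `frameDeny` applies to the kasm-secure router only and that `default-headers` is unchanged for other routers, because as written it reads as a header policy change without a stated scope.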