jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add Kasm Workspaces service and fix changelog

Browse Source 
Document Kasm DinD architecture, Traefik integration, and the
proxy_port/frameDeny fixes that resolved session connection failures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
jazzymc
2026-05-05 17:38:17 +00:00
parent 9cc955e62b
commit 8e3cde9d7c
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/03-SERVICES-OTHER.md
+23
View File
@@ -243,6 +243,29 @@ Non-critical services that enhance functionality but don't affect core network o
## Remote Access ## Remote Access
### Kasm Workspaces (Browser Isolation)
| Component | IP | URL |
|-----------|-----|-----|
| kasm (DinD host) | 172.18.0.66 | https://kasm.xtrm-lab.org |
| kasm_proxy | 172.19.0.8 (internal) | - |
| kasm_api | 172.19.0.7 (internal) | - |
| kasm_manager | 172.19.0.6 (internal) | - |
| kasm_agent | 172.19.0.2 (internal) | - |
| kasm_db | 172.19.0.3 (internal) | - |
| kasm_guac | 172.19.0.9 (internal) | - |
**Version:** 1.18.1
**Architecture:** Docker-in-Docker (runs its own Docker daemon with internal containers)
**Network:** dockerproxy (outer), kasm_default_network 172.19.0.0/16 (inner)
**Ports:** 3000 (web UI), 6333 (proxy/sessions)
**Data:** `/mnt/user/appdata/kasm/`
**Traefik Integration:**
- Uses `kasm-headers` middleware (no `frameDeny` — Kasm requires iframes)
- Service backend: `https://172.18.0.66:6333` with `insecure-skip-verify`
- Zone config: `proxy_port=443`, `proxy_hostname=$request_host$` (routes sessions through Traefik)
### RustDesk ### RustDesk
| Component | Ports | | Component | Ports |
docs/CHANGELOG.md
+10
View File
@@ -2,6 +2,16 @@
**Purpose:** Major infrastructure events only. Minor changes are in git commit messages. **Purpose:** Major infrastructure events only. Minor changes are in git commit messages.
---
## 2026-05-05
### Kasm Workspaces Fix
- **[KASM]** Fixed session connection failure when accessing via Traefik reverse proxy
- **[KASM]** Changed zone `proxy_port` from 6333 to 443 in kasm_db — browser WebSocket now routes through Traefik instead of trying unreachable port 6333
- **[TRAEFIK]** Added `kasm-headers` middleware (same as `default-headers` but without `frameDeny`) — Kasm uses iframes for session rendering
- **[TRAEFIK]** Updated kasm-secure router to use `kasm-headers` middleware
- **[DOCS]** Added Kasm Workspaces to 03-SERVICES-OTHER.md
--- ---
## 2026-03-12 ## 2026-03-12