[Kasm](https://www.kasmweb.com/?utm_campaign=LinuxServer&utm_source=listing) Workspaces is a docker container streaming platform for delivering browser-based access to desktops, applications, and web services. Kasm uses devops-enabled Containerized Desktop Infrastructure (CDI) to create on-demand, disposable, docker containers that are accessible via web browser. Example use-cases include Remote Browser Isolation (RBI), Data Loss Prevention (DLP), Desktop as a Service (DaaS), Secure Remote Access Services (RAS), and Open Source Intelligence (OSINT) collections.
The rendering of the graphical-based containers is powered by the open-source project [KasmVNC](https://www.kasmweb.com/kasmvnc.html?utm_campaign=LinuxServer&utm_source=kasmvnc).
## Supported Architectures
We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
Simply pulling `lscr.io/linuxserver/kasm:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
The architectures supported by this image are:
| Architecture | Available | Tag |
| :----: | :----: | ---- |
| x86-64 | ✅ | amd64-\<version tag\> |
| arm64 | ✅ | arm64v8-\<version tag\> |
| armhf| ❌ | |
## Version Tags
This image provides various versions that are available via tags. Please read the descriptions carefully and exercise caution when using unstable or development tags.
| Tag | Available | Description |
| :----: | :----: |--- |
| latest | ✅ | Stable Kasm releases |
| develop | ✅ | Tip of develop |
## Application Setup
This container uses [Docker in Docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) and requires being run in `privileged` mode. This container also requires an initial setup that runs on port 3000.
**Unlike other containers the web interface port (default 443) needs to be set for the env variable `KASM_PORT` and both the inside and outside port IE for 4443 `KASM_PORT=4443``-p 4443:4443`**
Access the installation wizard at https://`your ip`:3000 and follow the instructions there. Once setup is complete access https://`your ip`:443 and login with the credentials you entered during setup. The default users are:
* admin@kasm.local
* user@kasm.local
Currently Synology systems are not supported due to them blocking CPU scheduling in their Kernel.
### Strict reverse proxies
This image uses a self-signed certificate by default. This naturally means the scheme is `https`.
If you are using a reverse proxy which validates certificates, you need to [disable this check for the container](https://docs.linuxserver.io/faq#strict-proxy).
## Usage
To help you get started creating a container from this image you can either use docker-compose or the docker cli.
### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
```yaml
---
version: "2.1"
services:
kasm:
image: lscr.io/linuxserver/kasm:latest
container_name: kasm
privileged: true
environment:
- KASM_PORT=443
- TZ=Europe/London
- DOCKER_HUB_USERNAME=USER #optional
- DOCKER_HUB_PASSWORD=PASS #optional
volumes:
- /path/to/data:/opt
- /path/to/profiles:/profiles #optional
ports:
- 3000:3000
- 443:443
restart: unless-stopped
```
### docker cli ([click here for more info](https://docs.docker.com/engine/reference/commandline/cli/))
```bash
docker run -d \
--name=kasm \
--privileged \
-e KASM_PORT=443 \
-e TZ=Europe/London \
-e DOCKER_HUB_USERNAME=USER `#optional` \
-e DOCKER_HUB_PASSWORD=PASS `#optional` \
-p 3000:3000 \
-p 443:443 \
-v /path/to/data:/opt \
-v /path/to/profiles:/profiles `#optional` \
--restart unless-stopped \
lscr.io/linuxserver/kasm:latest
```
## Parameters
Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
### Ports (`-p`)
| Parameter | Function |
| :----: | --- |
| `3000` | Kasm Installation wizard. (https) |
| `443` | Kasm Workspaces interface. (https) |
### Environment Variables (`-e`)
| Env | Function |
| :----: | --- |
| `KASM_PORT=443` | Specify the port you bind to the outside for Kasm Workspaces. |
| `TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
| `DOCKER_HUB_USERNAME=USER` | Optionally specify a DockerHub Username to pull private images. |
| `DOCKER_HUB_PASSWORD=PASS` | Optionally specify a DockerHub password to pull private images. |
### Volume Mappings (`-v`)
| Volume | Function |
| :----: | --- |
| `/opt` | Docker and installation storage. |
| `/profiles` | Optionally specify a path for persistent profile storage. |
#### Miscellaneous Options
| Parameter | Function |
| :-----: | --- |
## Environment variables from files (Docker secrets)
You can set any environment variable from a file by using a special prepend `FILE__`.
As an example:
```bash
-e FILE__PASSWORD=/run/secrets/mysecretpassword
```
Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
## Umask for running applications
For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting.
Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support.
## Docker Mods
[![Docker Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=kasm&query=%24.mods%5B%27kasm%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=kasm "view available mods for this container.") [![Docker Universal Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=universal&query=%24.mods%5B%27universal%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=universal "view available universal mods.")
We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above.
## Support Info
* Shell access whilst the container is running:
*`docker exec -it kasm /bin/bash`
* To monitor the logs of the container in realtime:
*`docker logs -f kasm`
* Container version number
*`docker inspect -f '{{ index .Config.Labels "build_version" }}' kasm`
* Image version number
*`docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/kasm:latest`