docker-documentation/images/docker-kasm.md

title
kasm

linuxserver/kasm

Kasm Workspaces is a docker container streaming platform for delivering browser-based access to desktops, applications, and web services. Kasm uses devops-enabled Containerized Desktop Infrastructure (CDI) to create on-demand, disposable, docker containers that are accessible via web browser. Example use-cases include Remote Browser Isolation (RBI), Data Loss Prevention (DLP), Desktop as a Service (DaaS), Secure Remote Access Services (RAS), and Open Source Intelligence (OSINT) collections.

The rendering of the graphical-based containers is powered by the open-source project KasmVNC.

Supported Architectures

We utilise the docker manifest for multi-platform awareness. More information is available from docker here and our announcement here.

Simply pulling lscr.io/linuxserver/kasm:latest should retrieve the correct image for your arch, but you can also pull specific arch images via tags.

The architectures supported by this image are:

Architecture	Available	Tag
x86-64	✅	amd64-<version tag>
arm64	✅	arm64v8-<version tag>
armhf	❌

Version Tags

This image provides various versions that are available via tags. Please read the descriptions carefully and exercise caution when using unstable or development tags.

Tag	Available	Description
latest	✅	Stable Kasm releases
develop	✅	Tip of develop

Application Setup

This container uses Docker in Docker and requires being run in privileged mode. This container also requires an initial setup that runs on port 3000.

Unlike other containers the web interface port (default 443) needs to be set for the env variable KASM_PORT and both the inside and outside port IE for 4443 KASM_PORT=4443 -p 4443:4443

Unraid users due to the DinD storage layer /opt/ should be mounted directly to a disk IE /mnt/disk1/appdata/path or optimally with a cache disk at /mnt/cache/appdata/path

Access the installation wizard at https://your ip:3000 and follow the instructions there. Once setup is complete access https://your ip:443 and login with the credentials you entered during setup. The default users are:

• admin@kasm.local
• user@kasm.local

Currently Synology systems are not supported due to them blocking CPU scheduling in their Kernel.

Strict reverse proxies

This image uses a self-signed certificate by default. This naturally means the scheme is https. If you are using a reverse proxy which validates certificates, you need to disable this check for the container.

Usage

To help you get started creating a container from this image you can either use docker-compose or the docker cli.

docker-compose (recommended, click here for more info)

---
version: "2.1"
services:
  kasm:
    image: lscr.io/linuxserver/kasm:latest
    container_name: kasm
    privileged: true
    environment:
      - KASM_PORT=443
      - TZ=Europe/London
      - DOCKER_HUB_USERNAME=USER #optional
      - DOCKER_HUB_PASSWORD=PASS #optional
    volumes:
      - /path/to/data:/opt
      - /path/to/profiles:/profiles #optional
    ports:
      - 3000:3000
      - 443:443
    restart: unless-stopped

docker cli (click here for more info)

docker run -d \
  --name=kasm \
  --privileged \
  -e KASM_PORT=443 \
  -e TZ=Europe/London \
  -e DOCKER_HUB_USERNAME=USER `#optional` \
  -e DOCKER_HUB_PASSWORD=PASS `#optional` \
  -p 3000:3000 \
  -p 443:443 \
  -v /path/to/data:/opt \
  -v /path/to/profiles:/profiles `#optional` \
  --restart unless-stopped \
  lscr.io/linuxserver/kasm:latest

Parameters

Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate <external>:<internal> respectively. For example, -p 8080:80 would expose port 80 from inside the container to be accessible from the host's IP on port 8080 outside the container.

Ports (-p)

Parameter	Function
3000	Kasm Installation wizard. (https)
443	Kasm Workspaces interface. (https)

Environment Variables (-e)

Env	Function
KASM_PORT=443	Specify the port you bind to the outside for Kasm Workspaces.
TZ=Europe/London	Specify a timezone to use EG Europe/London.
DOCKER_HUB_USERNAME=USER	Optionally specify a DockerHub Username to pull private images.
DOCKER_HUB_PASSWORD=PASS	Optionally specify a DockerHub password to pull private images.

Volume Mappings (-v)

Volume	Function
/opt	Docker and installation storage.
/profiles	Optionally specify a path for persistent profile storage.

Miscellaneous Options

Parameter	Function

Environment variables from files (Docker secrets)

You can set any environment variable from a file by using a special prepend FILE__.

As an example:

-e FILE__PASSWORD=/run/secrets/mysecretpassword

Will set the environment variable PASSWORD based on the contents of the /run/secrets/mysecretpassword file.

Umask for running applications

For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional -e UMASK=022 setting. Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up here before asking for support.

Docker Mods

We publish various Docker Mods to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above.

Support Info

• Shell access whilst the container is running:
  • docker exec -it kasm /bin/bash
• To monitor the logs of the container in realtime:
  • docker logs -f kasm
• Container version number
  • docker inspect -f '{{ index .Config.Labels "build_version" }}' kasm
• Image version number
  • docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/kasm:latest

Versions

• 23.09.22: - Migrate to s6v3.
• 02.07.22: - Initial Release.