KasmVNC Blog https://docs.kasmvnc.com/how-to KasmVNC Blog Wed, 07 May 2025 18:58:55 GMT https://validator.w3.org/feed/docs/rss2.html https://github.com/jpmonette/feed en <![CDATA[Running behind a reverse proxy]]> https://docs.kasmvnc.com/how-to/reverse_proxy https://docs.kasmvnc.com/how-to/reverse_proxy Wed, 07 May 2025 18:58:55 GMT Run KasmVNC over HTTP first
  1. Install KasmVNC.
  2. Copy this code into ~/.vnc/kasmvnc.yaml:
network:
  interface: 127.0.0.1
  ssl:
    require_ssl: false
  udp:
    public_ip: 127.0.0.1
  1. Run vncserver.
  2. Verify that KasmVNC is running over HTTP by navigating to http://localhost:8444.

Setting up a reverse proxy

Copy this configuration to /etc/nginx/sites-available/kasmvnc:

server {
     listen 9443 ssl;
     ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
     ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

     location / {
         # The following configurations must be configured when proxying to Kasm Workspaces

         # WebSocket Support
         proxy_set_header        Upgrade $http_upgrade;
         proxy_set_header        Connection "upgrade";

         # Host and X headers
         proxy_set_header        Host $host;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;

         # Connectivity Options
         proxy_http_version      1.1;
         proxy_read_timeout      1800s;
         proxy_send_timeout      1800s;
         proxy_connect_timeout   1800s;
         proxy_buffering         off;

         # Allow large requests to support file uploads to sessions
         client_max_body_size 10M;

         # # Proxy to KasmVNC using SSL
         proxy_pass https://127.0.0.1:8444;
         # Proxy to KasmVNC without SSL
         # proxy_pass http://127.0.0.1:8444;
     }
 }

Please note that default Debian snakeoil certificates are used. The configured certificates work on Debian-based systems, but may not on others. Please see /etc/kasmvnc/kasmvnc.yaml for certificate locations on for non-Debian-based systems. The locations are at pem_certificate and pem_key keys.

  1. Enable the configuration with ln -s /etc/nginx/sites-available/kasmvnc /etc/nginx/sites-enabled/.
  2. Restart nginx with systemctl restart nginx.
  3. Navigate to https://localhost:8443/, username/password is kasm_user/vncpassword.
]]>