Setup Kasm with NPM and NGNIX Reverse Proxy
So, I happened upon Kasm, and I'm a huge fan of it. It is one of the easiest installs for single server usage. The web-based desktops run flawlessly in my opinion. You can even stream Youtube from them with really good video quality. I struggle to do this even with RDP connections on my own network sometimes!
What is Kasm?
It streams containerized apps and desktops to end users. The Workspaces platform provides enterprise-class orchestration, data loss prevention, and web streaming technology to enable the delivery of containerized workloads to your browser.
- Kasm website
In short, it's a front end for docker containers, that is packaged really well and allows scaling and user management control of disposable workspaces. Again these are meant to be applications that can be spun up and none of the data retained. However, this doesn't mean that no data goes in or out. They have a really good upload and download mechanism for transferring files in and out of the docker through the web interface.
Why am I doing this?
Well from a security researcher's perspective, this is AWESOME! I can spin up a malware analysis box, upload my file, run analytics on it, then completely destroy it and not have to worry about infection.
Want to run an instance of Kali Linux to run some scans... perfect. Want to pull of a Tor Browser to do some research without worrying if your browser gets pwned from shady sites, done!
Additionally, installing the Kasm server and NGINX proxy allows me to access the server from the public using DNS and a domain name.
Getting Started
To get started I am using a Ubuntu 20.04.1 Server as my OS of choice.
Next, I'm going to install a few packages to get me going.
```sudo apt update && sudo apt upgrade -y```
Then we need to install docker and docker-compose
sudo apt install docker docker-compose
The whole point of putting the Kasm server behind NPM is to make it accessible through DNS and a domain name. At this point, I opened up the ports on my router to allow port 80 and port 443. Since all routers are different you will have to consult your own routers configuration instructions.
Now, we are going to use the GitHub instructions for installing the NGINX Proxy Manager (NPM) located here.
cd ~
mkdir npmdocker
cd nmpdocker
nano docker-compose.ymlCreate a docker-compose file similar to the one below, I'll just call my file docker-compose.yml.
Version: '3.8'
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
Next, let's start the docker.
sudo docker-compose up -d
Now we will connect to the docker's NPM interface using a web browser connect to the server IP on port 81
http://192.168.1.15:81The default user credentials are:
Email: admin@example.com
Password: changeme
After installation make sure to change the default admin information.
Next, we need to set up our domain name. I followed this guide with Google Domains.
I am using ddclient to set up the domain for dynamic DNS.
sudo apt install ddclientDuring the setup, it will pop up a great little cli gui that you just put your domain user and password from the guide listed above. (I may create a blog post for this later.)
Once you let your dynamic DNS client update through the nameservers you should be able to go to your domain, and receive a page like this:
At this point, we are going to shift gears and go ahead and install Kasm, but on an alternate port. I referenced this documentation here for the command.
cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.12.0.d4fd8a.tar.gz
tar -xf kasm_release_1.12.0.d4fd8a.tar.gz
sudo bash kasm_release/install.sh -L 8443This setup is going to take a good amount of time because it is setting up several docker instances and downloading all the default core docker images that you see when you log in.
DELETE NPM INFO FOLLOW THIS GUIDE
Ignore DNS plugin section then run
sudo certbot --nginx -d unifi.example.net
THIS BLOG IS INCOMPLETE WILL UPDATE WHEN I HAVE TIME