From b3db38ad7673fdbbf53e4a1acaecc5a6ba0f037f Mon Sep 17 00:00:00 2001
From: faulty <didier@faulty.nl>
Date: Tue, 7 Feb 2023 13:14:50 +0100
Subject: [PATCH] hopeful proxy fix

---
 custom/proxy/config/conf.d/proxy-kasm.conf | 41 ++++++++++++++++++++++
 docker-compose.utils.yml                   |  7 ++--
 2 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 custom/proxy/config/conf.d/proxy-kasm.conf

diff --git a/custom/proxy/config/conf.d/proxy-kasm.conf b/custom/proxy/config/conf.d/proxy-kasm.conf
new file mode 100644
index 0000000..5e47aca
--- /dev/null
+++ b/custom/proxy/config/conf.d/proxy-kasm.conf
@@ -0,0 +1,41 @@
+server {
+    server_name kasm.neo.faulty.nl;
+    access_log /var/log/nginx/access.log vhost;
+    listen 443 ssl http2 ;
+    ssl_session_timeout 5m;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_certificate /etc/nginx/certs/kasm.neo.faulty.nl.crt;
+    ssl_certificate_key /etc/nginx/certs/kasm.neo.faulty.nl.key;
+    ssl_dhparam /etc/nginx/certs/kasm.neo.faulty.nl.dhparam.pem;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    ssl_trusted_certificate /etc/nginx/certs/kasm.neo.faulty.nl.chain.pem;
+
+    location / {
+        # The following configurations must be configured when proxying to Kasm Workspaces
+
+        # WebSocket Support
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Host and X headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Connectivity Options
+        proxy_http_version 1.1;
+        proxy_read_timeout 1800s;
+        proxy_send_timeout 1800s;
+        proxy_connect_timeout 1800s;
+        proxy_buffering off;
+
+        # Allow large requests to support file uploads to sessions
+        client_max_body_size 10M;
+
+        # Proxy to Kasm Workspaces running locally on 8443 using ssl
+        proxy_pass https://kasm:8443 ;
+    }
+}
\ No newline at end of file
diff --git a/docker-compose.utils.yml b/docker-compose.utils.yml
index e15db3a..44180db 100644
--- a/docker-compose.utils.yml
+++ b/docker-compose.utils.yml
@@ -159,14 +159,15 @@ services:
       - '/:/host:ro,rslave'
     cap_add:
       - SYS_TIME
-  
+
   kasm:
     image: lscr.io/linuxserver/kasm:latest
     container_name: kasm
     privileged: true
     environment:
-      - KASM_PORT=4443
+      - KASM_PORT=8443
       - TZ=Europe/London
+      - LETSENCRYPT_HOST=kasm.neo.faulty.nl
     volumes:
       - /srv/kasm/data:/opt
       - /srv/kasm/other/profiles:/profiles #optional
@@ -174,8 +175,8 @@ services:
       - /run/udev/data:/run/udev/data #optional
     ports:
       - 3000:3000
-      - 4443:4443
     restart: unless-stopped
+    proxy:
 
 networks:
   metrics:
\ No newline at end of file