on
dns
technitium
ubuntu
- Get link
- Other Apps
Kasm Workspaces provides browser-based access to on-demand containerized desktops and applications.
By default Kasm creates self-signed certificates that are used when connecting to the Web UI. Follow below steps to configure Kasm to use Lets's Encrypt free SSL certificate.
1. Install certbot.
#for Ubuntu 22.04 server
sudo apt-get install python3-certbot2. Optional to allow ingress port 80 in iptables or any other rules (Oracle Cloud's VCN) as certbot require to register and renewal certificate via HTTP connection.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
3. Register a standalone Let's Encrypted free SSL certificate with a valid FQDN and email address.
sudo certbot certonly --standalone -d your.server.com -m email@server.com4. Stop KASM service.
sudo /opt/kasm/bin/stop5. Backup the default self-signed KASM SSL certificates.
for file in /opt/kasm/current/certs/kasm_nginx.*; do sudo mv $file $file.bak; done6. Create symlink of the Lets's Encrypted SSL certificate to KASM certs directory. Remember to replace the FQDN with yours.
sudo ln -s /etc/letsencrypt/live/your.server.com/fullchain.pem /opt/kasm/current/certs/kasm_nginx.crt
sudo ln -s /etc/letsencrypt/live/your.server.com/privkey.pem /opt/kasm/current/certs/kasm_nginx.key7. Start KASM service.
sudo /opt/kasm/bin/start8. Double check the HTTPS certificate by access the KASM web console using the FQDN.
9. Create certbot pre and post hooks script to restart KASM service during and after certificate auto renewal.
printf \#\!/bin/bash"\n"/opt/kasm/bin/stop | sudo tee /etc/letsencrypt/renewal-hooks/pre/stop_kasm.sh
printf \#\!/bin/bash"\n"/opt/kasm/bin/start | sudo tee /etc/letsencrypt/renewal-hooks/post/start_kasm.sh10. Make both scripts executable.
sudo chmod +x /etc/letsencrypt/renewal-hooks/{pre,post}/*kasm.sh11. Test run certbot renewal to make sure the pre and post hook is working.
ubuntu@kasm:/opt/kasm/current/certs$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/your.server.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Hook 'pre-hook' ran with output:
Stopping Kasm Services
Hook 'pre-hook' ran with error output:
Container kasm_proxy Stopping
Container kasm_proxy Stopped
Container kasm_api Stopping
Container kasm_agent Stopping
Container kasm_share Stopping
Container kasm_api Stopped
Container kasm_share Stopped
Container kasm_redis Stopping
Container kasm_agent Stopped
Container kasm_manager Stopping
Container kasm_redis Stopped
Container kasm_manager Stopped
Container kasm_db Stopping
Container kasm_db Stopped
Simulating renewal of an existing certificate for your.server.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/your.server.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
Starting Kasm Services
Hook 'post-hook' ran with error output:
Container kasm_redis Created
Container kasm_db Created
Container kasm_api Created
Container kasm_share Created
Container kasm_manager Created
Container kasm_agent Created
Container kasm_proxy Created
Container kasm_redis Starting
Container kasm_db Starting
Container kasm_redis Started
Container kasm_db Started
Container kasm_manager Starting
Container kasm_api Starting
Container kasm_share Starting
Container kasm_manager Started
Container kasm_agent Starting
Container kasm_share Started
Container kasm_api Started
Container kasm_agent Started
Container kasm_proxy Starting
Container kasm_proxy Started
ubuntu@kasm:/opt/kasm/current/certs$
Comments