KASM Workspaces - Container VDI
CRITICAL MUST: Secrets and .env
- •NEVER store live
.envfiles or credentials inside any skill folder. - •
.env.templatefiles belong only intemplates/within a skill. - •Store live secrets in
~/.admin/.env(or another non-skill location you control) and reference them from there.
Purpose: Install KASM Workspaces on a single Ubuntu server and configure secure browser-based desktops.
Step 0: Gather Required Information (MANDATORY)
STOP. Before ANY installation commands, collect ALL parameters from the user.
Copy this checklist and confirm each item:
Required Parameters:
- [ ] KASM_SERVER_IP - Target server IP address
- [ ] SSH_USER - SSH username (default: ubuntu)
- [ ] SSH_KEY_PATH - Path to SSH private key (default: ~/.ssh/id_rsa)
- [ ] KASM_ADMIN_PASSWORD - Admin password (minimum 12 characters)
- [ ] KASM_ADMIN_EMAIL - Admin email (default: admin@kasm.local)
Resource Parameters:
- [ ] Server RAM - Minimum 8GB (4GB KASM + 4GB per concurrent session)
- [ ] SWAP_SIZE_GB - Swap file size (default: 8GB, recommended for ARM64)
Conditional Parameters (ask user):
- [ ] Using Cloudflare Tunnel for HTTPS? (Y/N)
If Y: CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID, TUNNEL_HOSTNAME
- [ ] Custom KASM port? (default: 443 after install, 8443 during install)
Password Requirements (KASM enforced)
- •Minimum 12 characters
- •Recommended: use a password manager to generate
DO NOT proceed to Step 1 until ALL required parameters are confirmed.
Step 1: Determine Installation Path
Based on user answers, follow the appropriate workflow:
Path A: Fresh Installation
Use when: New server, no existing KASM installation.
- •Read
references/INSTALLATION.md - •Export all parameters collected in Step 0
- •Follow step-by-step installation
Path B: Post-Installation Configuration
Use when: KASM already installed, need to configure modules.
- •Read
references/QUICKSTART.md - •Run post-installation wizard
Step 2: Secure HTTPS Access
Determine access method based on Step 0 answers:
| Scenario | Action |
|---|---|
| Cloudflare Tunnel = Yes | Read references/cloudflare-tunnel.md (uses noTLSVerify: true) |
| Direct IP only (dev) | Access via https://SERVER_IP (accept self-signed cert) |
Step 3: Verify Installation
Run this verification checklist:
Verification: - [ ] KASM UI accessible at https://SERVER_IP (or tunnel hostname) - [ ] Login with admin credentials works - [ ] At least 8 KASM containers running (docker ps | grep kasm) - [ ] If tunnel: HTTPS working at TUNNEL_HOSTNAME
If login fails: Extract credentials from install_log.txt - see references/INSTALLATION.md section "Get Admin Credentials".
Navigation
Detailed references (one level deep):
- •Manual installation:
references/INSTALLATION.md - •Cloudflare Tunnel:
references/cloudflare-tunnel.md - •Post-installation wizard:
references/QUICKSTART.md - •Wizard user guide:
references/README-WIZARD.md - •Wizard spec (draft):
references/post-installation-interview-spec.md
Critical Rules
- •Ensure Docker CE + Compose plugin installed before KASM.
- •Allocate sufficient RAM per concurrent session (2–4GB).
- •Do not expose installer port 8443 publicly without HTTPS/tunnel.
Logging Integration
log_admin "SUCCESS" "installation" "Installed KASM Workspaces" "version=1.x server=$SERVER_ID" log_admin "SUCCESS" "operation" "Ran KASM post-install wizard" "modules=$MODULES"
Related Skills
- •
admin-devopsfor inventory and provisioning. - •
admin-infra-*for OCI/Hetzner/etc server setup.
References
- •KASM docs: https://kasmweb.com/docs/latest/
- •KASM GitHub: https://github.com/kasmtech