Skip to content

Instantly share code, notes, and snippets.

@bright-spark

bright-spark/Install KASM Workspace.sh

Forked from Udara-Dananjaya/Install KASM Workspace.sh
Created September 11, 2024 01:38
Show Gist options
  • Save bright-spark/ce72366f093508e4517f33fa6580cd66 to your computer and use it in GitHub Desktop.
Save bright-spark/ce72366f093508e4517f33fa6580cd66 to your computer and use it in GitHub Desktop.
Download ZIP
Build Kasm Workspace on Ubuntu: Setup swap, firewall, hostname & Kasm installation with SSL. Simplify secure virtual workspaces!
Raw
Install KASM Workspace.sh
# Gain superuser privileges
sudo -i
# Create swap area for managing memory
sudo dd if=/dev/zero bs=1M count=5024 of=/mnt/swapfile.swap
sudo chmod 600 /mnt/swapfile.swap
sudo mkswap /mnt/swapfile.swap
sudo swapon /mnt/swapfile.swap
echo '/mnt/swapfile.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab
# Verify swap area
cat /proc/swaps
# Check available RAM and disk space
free -m
df -h
# Define firewall rules for specified ports and sources
# Subnet > Ingress Rule > Source CIDR > 0.0.0.0/0
# TCP PORTS :80,443 #HTTP and HTTPS
# Update the list of available software packages
sudo apt update -y
# Upgrade installed packages to their latest versions
sudo apt-get upgrade -y
sudo apt-get full-upgrade -y
# Clear existing iptables rules
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
# Set hostname
hostnamectl set-hostname hostname.domain
hostname
# Get Kasm download link: https://www.kasmweb.com/downloads
# Download Kasm latest version
wget https://kasm-static-content.s3.amazonaws.com/kasm_release_1.11.0.18142e.tar.gz
# Extract the downloaded file
tar -xf kasm_release*.tar.gz
tar -xf kasm_release_1.11.0.18142e.tar.gz
# Run installation script
sudo bash kasm_release/install.sh
# Accept End User License Agreement by typing 'Y'
# Get SSL certificate from 'Let's Encrypt' using Certbot
sudo apt install certbot -y
sudo certbot certonly --standalone -d example.com
sudo ufw allow 80/tcp #Enable 80 Port on firewall
# Upload certificates to Kasm
sudo /opt/kasm/bin/stop
cp /etc/letsencrypt/live/example.com/cert.pem /opt/kasm/current/certs/kasm_nginx.crt
cp /etc/letsencrypt/live/example.com/privkey.pem /opt/kasm/current/certs/kasm_nginx.key
sudo /opt/kasm/bin/start
# Generate CA private key and Kasm private key (commands for generating the keys)
# Generate CA private key
sudo openssl genrsa -aes256 -out private-ca.key 2048
# Create CA self-signed certificate
sudo openssl req -x509 -new -nodes -key private-ca.key -sha256 -days 3650 -out private-ca.pem
sudo cp private-ca.pem /usr/local/share/ca-certificates/private-ca.crt
# Update CA certificates database
sudo update-ca-certificates
sudo update-ca-certificates --fresh / # Rebuild from scratch
# Verify CA certificates database
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | grep Cyber
# Generate Kasm private key
sudo openssl genrsa -out kasm.rpi.key 2048
# Create Kasm Certificate Signing Request (CSR)
sudo openssl req -new -key kasm.rpi.key -out kasm.rpi.csr
# Define Kasm certificate extensions
sudo nano kasm.rpi.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kasm.rpi
EOF
# Generate Kasm certificate signed by CA
sudo openssl x509 -req -in kasm.rpi.csr -CA private-ca.pem -CAkey private-ca.key -CAcreateserial -out kasm.rpi.crt -days 730 -sha256 -extfile kasm.rpi.ext
# Upload Kasm certificates
sudo /opt/kasm/bin/stop
sudo cp ~/kasm.rpi.crt /opt/kasm/current/certs/kasm_nginx.crt
sudo cp ~/kasm.rpi.key /opt/kasm/current/certs/kasm_nginx.key
sudo /opt/kasm/bin/start
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment