Skip to content
Klutch.sh Docs

Deploying Kasm Workspaces

Introduction

Kasm Workspaces is an enterprise-class container streaming platform that delivers browser-accessible desktops and applications. Using KasmVNC technology, it streams containerized Linux desktops and applications directly to users’ web browsers, eliminating the need for VPN connections or installed client software.

The platform provides data loss prevention, web filtering, and secure access controls, making it ideal for remote work scenarios, BYOD policies, and providing isolated browsing environments. Kasm Workspaces can deliver full desktop experiences or individual applications, all running in disposable containers that leave no trace after sessions end.

Key highlights of Kasm Workspaces:

  • Browser-Based Access: Stream desktops and apps directly to any web browser
  • Container Isolation: Each session runs in an isolated, disposable container
  • KasmVNC Technology: High-performance, low-latency streaming protocol
  • Multi-Platform Images: Access Linux desktops, browsers, and productivity applications
  • Data Loss Prevention: Control data transfer between sessions and local machines
  • Web Filtering: Built-in content filtering and access controls
  • Session Recording: Optional recording of user sessions for compliance
  • Multi-Factor Authentication: Enterprise security with MFA support
  • API Integration: REST API for automation and integration
  • Persistent Profiles: Optional persistent storage for user data

This guide walks through deploying Kasm Workspaces on Klutch.sh using Docker, understanding the platform architecture, and configuring it for secure remote access.

Why Deploy Kasm Workspaces on Klutch.sh

Deploying Kasm Workspaces on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh handles the container orchestration, allowing you to deploy Kasm Workspaces without managing underlying infrastructure.

Persistent Storage: Attach persistent volumes for user data, configurations, and database storage.

HTTPS by Default: Klutch.sh provides automatic SSL certificates for secure streaming connections.

Remote Access: Access your virtual desktops and applications from anywhere with just a web browser.

Scalable Resources: Allocate CPU and memory based on the number of concurrent users and workspace types.

Prerequisites

Before deploying Kasm Workspaces on Klutch.sh, ensure you have:

  • A Klutch.sh account
  • A GitHub account with a repository for your configuration
  • Basic familiarity with Docker and containerization concepts
  • Understanding that Kasm requires privileged container access (Docker-in-Docker)

Important Considerations

Kasm Workspaces uses Docker-in-Docker to provision workspace containers. This architecture has specific requirements:

  • Privileged Mode: The container requires privileged access to run nested containers
  • Resource Intensive: Running multiple workspaces requires significant CPU and memory
  • Port Requirements: Initial setup uses port 3000, then switches to the configured HTTPS port

For Klutch.sh deployments, the LinuxServer.io image provides a streamlined single-container experience.

Preparing Your Repository

Repository Structure

kasm-deploy/
├── Dockerfile
└── .dockerignore

Creating the Dockerfile

Create a Dockerfile in the root of your repository:

FROM lscr.io/linuxserver/kasm:latest


# Environment variables
ENV PUID=1000
ENV PGID=1000
ENV TZ=Etc/UTC
ENV KASM_PORT=443


# Volumes:
# /opt - Application data and configuration
# /profiles - User profile data (optional)


EXPOSE 3000 443

Environment Variables Reference

VariableRequiredDefaultDescription
KASM_PORTYes443HTTPS port for web interface
DOCKER_HUB_USERNAMENo-Docker Hub username for private images
DOCKER_HUB_PASSWORDNo-Docker Hub password
DOCKER_MTUNo1500Docker network MTU
PUIDNo1000User ID for file permissions
PGIDNo1000Group ID for file permissions
TZNoEtc/UTCTimezone setting

Creating the .dockerignore File

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store
.env

Deploying Kasm Workspaces on Klutch.sh

    Push Your Repository to GitHub

    Terminal window
    git init
    git add Dockerfile .dockerignore
    git commit -m "Initial Kasm Workspaces deployment configuration"
    git remote add origin https://github.com/yourusername/kasm-deploy.git
    git push -u origin main

    Create a New Project on Klutch.sh

    Navigate to the Klutch.sh dashboard and create a new project. Give it a descriptive name like “kasm” or “workspaces”.

    Create a New App

    Within your project, create a new app. Connect your GitHub account if you haven’t already, then select the repository containing your Kasm Dockerfile.

    Configure HTTP Traffic

    Kasm Workspaces serves its web interface over HTTPS. In the deployment settings:

    • Select HTTP as the traffic type
    • Set the internal port to 443 (or your configured KASM_PORT)

    Set Environment Variables

    VariableValue
    KASM_PORT443
    TZYour timezone (e.g., America/New_York)
    PUID1000
    PGID1000

    Attach Persistent Volumes

    Mount PathRecommended SizePurpose
    /opt20 GBApplication data, images, and configuration
    /profiles10 GBUser profile storage (optional)

    Deploy Your Application

    Click Deploy to start the build process.

    Complete Initial Setup

    1. First access uses port 3000 for the setup wizard
    2. Follow the setup wizard to configure admin credentials
    3. After setup, access moves to the configured KASM_PORT

Initial Setup and Configuration

First-Time Setup Wizard

When first accessing Kasm Workspaces:

  1. Navigate to the setup wizard (initially on port 3000)
  2. Create your administrator account
  3. Configure basic settings like timezone and hostname
  4. Complete the wizard to access the main interface

Adding Workspace Images

Kasm provides many pre-built workspace images:

  1. Navigate to Workspaces in the admin panel
  2. Browse the available image registry
  3. Enable images you want to offer to users
  4. Configure resource limits per workspace type

User Management

Create and manage users:

  1. Go to Users in the admin panel
  2. Create user accounts or enable SSO
  3. Assign appropriate groups and permissions
  4. Users can then launch their own workspace sessions

Production Best Practices

Resource Planning

  • CPU Allocation: Each workspace needs dedicated CPU resources
  • Memory: Allocate 2-4 GB minimum per concurrent workspace
  • Storage: Plan for image storage and user profiles

Security Recommendations

  • Strong Admin Password: Use a complex administrator password
  • Enable MFA: Configure multi-factor authentication
  • Session Timeouts: Set appropriate idle and maximum session times
  • Web Filtering: Enable content filtering for browser workspaces

Troubleshooting Common Issues

Workspaces Not Starting

Solutions:

  • Verify privileged container access is available
  • Check available system resources
  • Review container logs for specific errors

Performance Issues

Solutions:

  • Allocate more CPU and memory resources
  • Reduce concurrent workspace limits
  • Optimize network settings

Additional Resources

Conclusion

Deploying Kasm Workspaces on Klutch.sh provides a powerful platform for delivering browser-accessible desktops and applications. While the full enterprise feature set requires careful resource planning, the combination of Kasm’s streaming technology and Klutch.sh’s deployment simplicity enables secure remote access scenarios.

Whether providing isolated browsing environments, remote development workstations, or secure access to sensitive applications, Kasm Workspaces offers enterprise-grade capabilities in a containerized package.