[Bug] - Remote Desktop workspaces not working behind CloudFlare even after following docs to update default Zone

[bkcberry]

Existing Resources

• [x ] Please search the existing issues for related problems
• [ x] Consult the product documentation : Docs
• [ x] Consult the FAQ : FAQ
• [ x] Consult the Troubleshooting Guide : ((the curl command returns {"ok": true} from my CF URL))
• [x ] Reviewed existing training videos: Youtube

Describe the bug I have just done a fresh install, via the single server docker install script, added an RDP server and workspace, updated the default zone as instructed in the documentation and set the proxy port to 0 and changed the Upstream Auth Address to the VM's local IP (192.168.2.9, also tried: 127.0.0.1, localhost, leaving it as proxy, and my cloudflare URL). I've deleted and restarted the RDP workspace after each change. Each and every time it hangs on Creating a Secure Connection. The RDP workspace works as expected when connecting to kasm from the local ip

To Reproduce see description. I have deleted the docker volume, run a system prune, and reinstalled at least 3 times

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Workspaces Version Version 1.15

Workspaces Installation Method Single Server docker

Client Browser (please complete the following information):

• OS: Windows 11
• Browser chrome
• Version 123.0.6312.86

Workspace Server Information (please provide the output of the following commands):

• uname -a
• Linux kasm 5.15.0-101-generic #111-Ubuntu SMP Tue Mar 5 20:16:58 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
• cat /etc/os-release

 - PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

• sudo docker info

Client: Docker Engine - Community
 Version:    26.0.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.13.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.25.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 8
  Running: 8
  Paused: 0
  Stopped: 0
 Images: 12
 Server Version: 26.0.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-101-generic
 Operating System: Ubuntu 22.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 7.75GiB
 Name: kasm
 ID: 13d812df-45da-4125-a4e1-baf0714b70d7
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

• sudo docker ps | grep kasm

9d1e220ef643   kasmweb/nginx:1.25.3       "/docker-entrypoint.…"   35 minutes ago   Up 18 minutes             80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   kasm_proxy
82546a70269b   kasmweb/share:1.15.0       "/bin/sh -c '/usr/bi…"   35 minutes ago   Up 18 minutes (healthy)   8182/tcp                                        kasm_share
6dde141dd29b   kasmweb/agent:1.15.0       "/bin/sh -c '/usr/bi…"   35 minutes ago   Up 18 minutes (healthy)   4444/tcp                                        kasm_agent
1776970b0cc8   kasmweb/kasm-guac:1.15.0   "/dockerentrypoint.sh"   35 minutes ago   Up 18 minutes (healthy)                                                   kasm_guac
7a8dfa969c6e   redis:5-alpine             "docker-entrypoint.s…"   35 minutes ago   Up 18 minutes             6379/tcp                                        kasm_redis
6cc39d52e117   kasmweb/manager:1.15.0     "/bin/sh -c '/usr/bi…"   35 minutes ago   Up 18 minutes (healthy)   8181/tcp                                        kasm_manager
19393b36ee2f   kasmweb/api:1.15.0         "/bin/sh -c '/usr/bi…"   35 minutes ago   Up 18 minutes (healthy)   8080/tcp                                        kasm_api
b7c8b6cb5571   postgres:12-alpine         "docker-entrypoint.s…"   36 minutes ago   Up 18 minutes (healthy)   5432/tcp                                        kasm_db

Additional context This is a fresh install of ubuntu, fresh install of kasm 1.15. The only things I've done are add a server and workspace and update the zone info as instructed

There are a few errors showing up in the logs:

[server] Healthcheck failed for "proxy". Error: Request failed with status code 502

host: kasm
ingest_date: 202404021541
application: connection_proxy
levelname: ERROR
message
Request failed with status code 500
{"message":"Request failed with status code 500","name":"AxiosError","stack":"AxiosError: Request failed with status code 500\n    at settle (/gclient/node_modules/axios/dist/node/axios.cjs:1967:12)\n    at IncomingMessage.handleStreamEnd (/gclient/node_modules/axios/dist/node/axios.cjs:3066:11)\n    at IncomingMessage.emit (node:events:525:35)\n    at endReadableNT (node:internal/streams/readable:1358:12)\n    at processTicksAndRejections (node:internal/process/task_queues:83:21)\n    at Axios.request (/gclient/node_modules/axios/dist/node/axios.cjs:3877:41)\n    at runMicrotasks (<anonymous>)\n    at processTicksAndRejections (node:internal/process/task_queues:96:5)\n    at async Object.authorizeGuacSession (/gclient/kasm.js:183:13)\n    at async /gclient/server.js:30:21","config":{"transitional":{"silentJSONParsing":true,"forcedJSONParsing":true,"clarifyTimeoutError":false},"adapter":["xhr","http"],"transformRequest":[null],"transformResponse":[null],"timeout":0,"xsrfCookieName":"XSRF-TOKEN","xsrfHeaderName":"X-XSRF-TOKEN","maxContentLength":-1,"maxBodyLength":-1,"env":{"Blob":null},"headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json","User-Agent":"axios/1.6.7","Content-Length":"1179","Accept-Encoding":"gzip, compress, deflate, br"},"httpsAgent":{"_events":{},"_eventsCount":2,"defaultPort":443,"protocol":"https:","options":{"rejectUnauthorized":false,"path":null},"requests":{},"sockets":{},"freeSockets":{},"keepAliveMsecs":1000,"keepAlive":false,"maxSockets":null,"maxFreeSockets":256,"scheduling":"lifo","maxTotalSockets":null,"totalSocketCount":0,"maxCachedSessions":100,"_sessionCache":{"map":{"proxy:443::::::::false:::::::::::::":{"type":"Buffer","data":[48,130,5,71,2,1,1,2,2,3,4,4,2,19,2,4,32,98,159,19,64,61,208,23,57,159,63,105,103,11,155,228,158,23,43,27,138,146,252,28,142,235,107,239,158,101,121,153,197,4,48,192,132,241,201,219,149,40,210,230,96,152,153,146,88,146,38,53,168,148,0,185,4,196,170,104,134,20,212,17,192,105,242,35,248,65,139,163,177,198,18,115,99,37,47,52,9,190,37,161,6,2,4,102,12,39,28,162,4,2,2,28,32,163,130,3,207,48,130,3,203,48,130,2,179,160,3,2,1,2,2,20,77,101,115,108,139,89,67,218,187,253,207,28,183,48,154,83,16,153,66,14,48,13,6,9,42,134,72,134,247,13,1,1,11,5,0,48,117,49,11,48,9,6,3,85,4,6,19,2,85,83,49,11,48,9,6,3,85,4,8,12,2,86,65,49,13,48,11,6,3,85,4,7,12,4,78,111,110,101,49,13,48,11,6,3,85,4,10,12,4,78,111,110,101,49,13,48,11,6,3,85,4,11,12,4,68,111,70,117,49,13,48,11,6,3,85,4,3,12,4,107,97,115,109,49,29,48,27,6,9,42,134,72,134,247,13,1,9,1,22,14,110,111,110,101,64,110,111,110,101,46,110,111,110,101,48,30,23,13,50,52,48,52,48,50,49,53,50,55,49,57,90,23,13,50,57,48,52,48,49,49,53,50,55,49,57,90,48,117,49,11,48,9,6,3,85,4,6,19,2,85,83,49,11,48,9,6,3,85,4,8,12,2,86,65,49,13,48,11,6,3,85,4,7,12,4,78,111,110,101,49,13,48,11,6,3,85,4,10,12,4,78,111,110,101,49,13,48,11,6,3,85,4,11,12,4,68,111,70,117,49,13,48,11,6,3,85,4,3,12,4,107,97,115,109,49,29,48,27,6,9,42,134,72,134,247,13,1,9,1,22,14,110,111,110,101,64,110,111,110,101,46,110,111,110,101,48,130,1,34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,1,15,0,48,130,1,10,2,130,1,1,0,187,27,26,77,52,253,222,150,100,6,237,228,157,95,66,148,151,115,54,119,235,111,239,12,214,96,46,129,226,120,92,140,30,216,119,219,206,34,183,157,133,31,177,64,234,91,48,177,68,111,132,35,65,148,87,252,172,248,45,61,189,38,133,102,130,0,191,74,95,105,76,18,188,74,45,107,66,10,223,153,47,115,222,207,233,23,199,183,23,252,123,216,234,74,113,96,189,44,133,197,242,168,207,142,21,105,73,212,154,90,40,73,31,108,73,136,65,200,231,116,113,55,37,180,195,14,155,207,215,122,172,242,51,206,20,203,58,87,127,157,37,90,101,52,36,150,91,91,209,145,132,13,175,198,206,186,63,41,12,240,78,110,89,248,164,20,95,140,136,65,175,66,40,218,171,180,114,223,250,161,132,86,185,136,200,104,212,249,196,204,82,29,189,83,91,85,80,142,28,232,151,89,182,58,54,235,49,255,54,229,6,171,189,252,132,30,144,112,91,55,187,58,226,54,76,225,39,219,44,209,173,49,241,111,55,12,25,87,135,95,149,161,37,227,198,158,76,189,102,92,67,234,20,56,10,113,2,3,1,0,1,163,83,48,81,48,29,6,3,85,29,14,4,22,4,20,245,118,183,17,46,122,12,104,240,117,97,140,171,97,233,220,85,142,7,15,48,31,6,3,85,29,35,4,24,48,22,128,20,245,118,183,17,46,122,12,104,240,117,97,140,171,97,233,220,85,142,7,15,48,15,6,3,85,29,19,1,1,255,4,5,48,3,1,1,255,48,13,6,9,42,134,72,134,247,13,1,1,11,5,0,3,130,1,1,0,63,63,236,248,141,79,154,8,76,1,202,138,22,91,226,152,138,45,156,160,144,82,197,72,64,161,65,54,41,126,96,39,241,108,207,178,67,246,22,181,214,74,32,143,168,109,113,53,215,84,176,244,154,222,179,15,170,119,67,108,22,132,153,153,137,88,170,74,222,187,50,115,19,1,22,203,172,133,225,221,110,3,166,68,88,173,109,27,223,114,1,243,2,235,253,76,10,53,184,168,144,140,112,243,170,166,140,165,16,167,7,80,131,230,242,213,37,226,180,36,55,96,124,205,47,124,169,104,146,10,172,234,158,66,11,237,75,112,242,69,46,123,76,73,198,166,163,241,63,117,42,17,219,195,38,196,190,216,61,210,27,79,79,249,179,231,62,56,166,42,158,192,23,151,55,115,225,82,148,212,30,230,211,58,123,21,156,88,249,95,168,89,35,80,207,37,249,107,140,193,107,106,222,77,138,222,138,162,110,139,27,63,240,125,121,57,122,31,215,151,54,148,3,242,39,140,191,114,125,229,79,189,19,200,74,19,43,8,73,103,133,158,112,122,99,167,49,93,88,11,104,229,7,177,128,11,164,2,4,0,165,3,2,1,18,166,7,4,5,112,114,111,120,121,169,4,2,2,0,142,170,129,227,4,129,224,68,93,44,2,65,254,101,131,163,243,191,109,108,93,36,33,168,31,173,116,144,154,95,192,19,226,222,228,2,163,194,212,152,231,215,84,117,39,242,248,22,171,26,3,173,76,223,218,0,131,34,21,21,120,149,225,48,9,177,211,177,251,89,104,169,189,1,155,167,28,150,20,29,32,168,9,59,171,31,165,174,191,195,93,84,236,251,135,201,151,52,40,178,14,3,14,14,42,57,35,176,216,112,215,151,81,234,108,182,149,84,154,222,156,232,189,116,244,228,182,159,16,7,3,165,21,212,58,148,223,57,80,86,202,76,169,196,118,251,239,64,246,206,9,172,245,200,192,0,79,228,43,98,38,212,143,150,11,110,35,101,186,121,42,54,208,190,248,96,128,146,129,201,215,208,209,99,174,222,205,128,121,52,146,125,117,213,197,144,112,57,134,78,224,220,246,255,111,248,243,187,82,122,90,169,0,115,73,209,11,178,243,29,104,187,155,211,209,143,157,230,11,62,77,174,7,2,5,0,132,58,103,19]},"kasm_proxy:443::::::::false:::::::::::::":{"type":"Buffer","data":[48,130,5,91,2,1,1,2,2,3,4,4,2,19,2,4,32,29,240,107,134,120,142,227,178,252,255,147,218,139,157,32,24,87,137,117,13,105,205,212,70,201,56,33,99,183,250,133,212,4,48,204,227,134,208,153,9,59,194,176,181,71,60,112,178,180,180,37,148,205,255,9,6,20,155,229,168,35,176,217,147,103,232,70,136,167,56,115,62,219,51,113,205,94,172,190,77,19,124,161,6,2,4,102,12,36,34,162,4,2,2,28,32,163,130,3,207,48,130,3,203,48,130,2,179,160,3,2,1,2,2,20,77,101,115,108,139,89,67,218,187,253,207,28,183,48,154,83,16,153,66,14,48,13,6,9,42,134,72,134,247,13,1,1,11,5,0,48,117,49,11,48,9,6,3,85,4,6,19,2,85,83,49,11,48,9,6,3,85,4,8,12,2,86,65,49,13,48,11,6,3,85,4,7,12,4,78,111,110,101,49,13,48,11,6,3,85,4,10,12,4,78,111,110,101,49,13,48,11,6,3,85,4,11,12,4,68,111,70,117,49,13,48,11,6,3,85,4,3,12,4,107,97,115,109,49,29,48,27,6,9,42,134,72,134,247,13,1,9,1,22,14,110,111,110,101,64,110,111,110,101,46,110,111,110,101,48,30,23,13,50,52,48,52,48,50,49,53,50,55,49,57,90,23,13,50,57,48,52,48,49,49,53,50,55,49,57,90,48,117,49,11,48,9,6,3,85,4,6,19,2,85,83,49,11,48,9,6,3,85,4,8,12,2,86,65,49,13,48,11,6,3,85,4,7,12,4,78,111,110,101,49,13,48,11,6,3,85,4,10,12,4,78,111,110,101,49,13,48,11,6,3,85,4,11,12,4,68,111,70,117,49,13,48,11,6,3,85,4,3,12,4,107,97,115,109,49,29,48,27,6,9,42,134,72,134,247,13,1,9,1,22,14,110,111,110,101,64,110,111,110,101,46,110,111,110,101,48,130,1,34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,1,15,0,48,130,1,10,2,130,1,1,0,187,27,26,77,52,253,222,150,100,6,237,228,157,95,66,148,151,115,54,119,235,111,239,12,214,96,46,129,226,120,92,140,30,216,119,219,206,34,183,157,133,31,177,64,234,91,48,177,68,111,132,35,65,148,87,252,172,248,45,61,189,38,133,102,130,0,191,74,95,105,76,18,188,74,45,107,66,10,223,153,47,115,222,207,233,23,199,183,23,252,123,216,234,74,113,96,189,44,133,197,242,168,207,142,21,105,73,212,154,90,40,73,31,108,73,136,65,200,231,116,113,55,37,180,195,14,155,207,215,122,172,242,51,206,20,203,58,87,127,157,37,90,101,52,36,150,91,91,209,145,132,13,175,198,206,186,63,41,12,240,78,110,89,248,164,20,95,140,136,65,175,66,40,218,171,180,114,223,250,161,132,86,185,136,200,104,212,249,196,204,82,29,189,83,91,85,80,142,28,232,151,89,182,58,54,235,49,255,54,229,6,171,189,252,132,30,144,112,91,55,187,58,226,54,76,225,39,219,44,209,173,49,241,111,55,12,25,87,135,95,149,161,37,227,198,158,76,189,102,92,67,234,20,56,10,113,2,3,1,0,1,163,83,48,81,48,29,6,3,85,29,14,4,22,4,20,245,118,183,17,46,122,12,104,240,117,97,140,171,97,233,220,85,142,7,15,48,31,6,3,85,29,35,4,24,48,22,128,20,245,118,183,17,46,122,12,104,240,117,97,140,171,97,233,220,85,142,7,15,48,15,6,3,85,29,19,1,1,255,4,5,48,3,1,1,255,48,13,6,9,42,134,72,134,247,13,1,1,11,5,0,3,130,1,1,0,63,63,236,248,141,79,154,8,76,1,202,138,22,91,226,152,138,45,156,160,144,82,197,72,64,161,65,54,41,126,96,39,241,108,207,178,67,246,22,181,214,74,32,143,168,109,113,53,215,84,176,244,154,222,179,15,170,119,67,108,22,132,153,153,137,88,170,74,222,187,50,115,19,1,22,203,172,133,225,221,110,3,166,68,88,173,109,27,223,114,1,243,2,235,253,76,10,53,184,168,144,140,112,243,170,166,140,165,16,167,7,80,131,230,242,213,37,226,180,36,55,96,124,205,47,124,169,104,146,10,172,234,158,66,11,237,75,112,242,69,46,123,76,73,198,166,163,241,63,117,42,17,219,195,38,196,190,216,61,210,27,79,79,249,179,231,62,56,166,42,158,192,23,151,55,115,225,82,148,212,30,230,211,58,123,21,156,88,249,95,168,89,35,80,207,37,249,107,140,193,107,106,222,77,138,222,138,162,110,139,27,63,240,125,121,57,122,31,215,151,54,148,3,242,39,140,191,114,125,229,79,189,19,200,74,19,43,8,73,103,133,158,112,122,99,167,49,93,88,11,104,229,7,177,128,11,164,2,4,0,165,3,2,1,18,166,12,4,10,107,97,115,109,95,112,114,111,120,121,169,4,2,2,1,42,170,129,243,4,129,240,68,93,44,2,65,254,101,131,163,243,191,109,108,93,36,33,122,182,11,41,39,54,216,124,241,50,12,242,187,147,49,140,146,197,241,176,112,20,1,41,66,156,192,202,36,51,248,90,215,250,28,70,231,238,76,149,12,30,25,168,17,78,76,231,69,203,13,114,185,152,244,50,66,229,229,35,218,19,160,117,86,109,133,67,91,254,100,202,128,154,224,169,46,89,131,187,3,171,88,126,61,157,25,19,197,0,104,158,233,136,92,224,94,239,194,206,75,150,231,5,79,125,207,247,42,180,85,165,147,60,10,115,146,150,41,231,245,242,144,219,111,194,62,28,134,72,2,47,6,6,51,232,211,50,92,97,77,207,130,57,199,124,157,6,100,229,31,120,36,15,244,162,118,79,5,108,161,8,19,141,53,21,200,24,26,126,174,15,65,230,128,192,119,48,89,93,132,206,79,156,214,166,237,3,145,126,35,207,100,211,107,16,49,250,150,61,213,52,84,219,220,73,180,112,146,243,91,80,222,107,75,136,153,169,31,214,80,181,249,43,174,6,2,4,117,255,81,239]}},"list":["proxy:443::::::::false:::::::::::::","kasm_proxy:443::::::::false:::::::::::::"]}},"method":"post","url":"https://proxy:443/api/guac_auth","data":"{\"username\":\"[email protected]\",\"token\":\"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzZXNzaW9uX3Rva2VuX2lkIjoiYzY1NDdmNzEtZTdjZS00OTdkLTkzMjgtZDAyMTBmOWJhMDY5IiwiYXV0aG9yaXphdGlvbnMiOlsxMDAsMjAwXSwiZXhwIjoxNzEyMzYwMzczfQ.vtm76DOhfYFXoIIPhKlr-vZ7OQJlnGKUu4zqpF-Xqw0ENvlPw03wctOtrHRxg5qk1ctYGoCi7bj0v41d08ZEvtIbHG7x1RxUxZ1gsoan6v5ya_cX3YroIRMrI9fEilM2_4uTzJy0m0mWGeECbuaqYaj45uqD-Rf9uLGofZPvRPuwqFpWSCGiw95feEBai5J07V-5eNom5kZUdzCotwYGmJ45SE8d2HUy-Xfg4zxGx3OCDOH_4vMEmt4wyRewVA3yfM9n8N5iEtGla4BYh_UGt2ddar3Un0Hfe9JW8RfDBRpqAMnIysKZqhgFvmVWRmH9Ap7FuuX79Jb-N7HekFzITw\",\"kasm_id\":\"f20be7f435674083bf713c2fe0c9e99e\",\"kasm_client_key\":\"\",\"service\":\"kasm_guac\",\"auth_token\":\"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJjb25uZWN0aW9uX3Byb3h5X2lkIjoiMGYyNTQwNDQtYjIzYi00MTZiLTgzMjItYjZjZDRlMWViOGI5IiwiZXhwIjoxNzQzNjA3NzE4LCJhdXRob3JpemF0aW9ucyI6WzgwXX0.vVvv1lt6KPjROPs0sgVdJ-IbmmsSNz0fOvjwx3QzKe0oUEIGMchLQskQrJdDEXVpMoc6lVZXKZBvM6tbt_llidQS3sqDQWaagLpGEbfn8k91im_e8AqD74H09Cc2QPP20JCkHPM7GTRmIwsC2Wqt0HK9UwG7L66RrYLQutNZVqg_9WyQmRPLkTC3T9RwJm7wrYign7lEx3f4LvMU-WtF0DhulHMFxU7N69Xskpzt2F8Z-3VKQY2lMLXhnCnskq_VenkK64lL8JvNxeBwqKzSMRCirwKRDf3EubXbZgYc1AeOPLLu-nH5HQIy8ZeSn02WhnZqVrmk895C9dq5alZIMg\"}"},"code":"ERR_BAD_RESPONSE","status":500}
AxiosError: Request failed with status code 500
    at settle (/gclient/node_modules/axios/dist/node/axios.cjs:1967:12)
    at IncomingMessage.handleStreamEnd (/gclient/node_modules/axios/dist/node/axios.cjs:3066:11)
    at IncomingMessage.emit (node:events:525:35)
    at endReadableNT (node:internal/streams/readable:1358:12)
    at processTicksAndRejections (node:internal/process/task_queues:83:21)
    at Axios.request (/gclient/node_modules/axios/dist/node/axios.cjs:3877:41)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async Object.authorizeGuacSession (/gclient/kasm.js:183:13)
    at async /gclient/server.js:30:21

host: kasm
ingest_date: 202404021541
application: kasm_api
levelname: ERROR
kasm_user_name: [email protected]
process: cherrypy.error.140577059310080
client_ip: 172.18.0.2
user_agent: axios/1.6.7
message
[02/Apr/2024:15:41:16] HTTP 
Traceback (most recent call last):
  File "cherrypy/_cprequest.py", line 628, in respond
  File "cherrypy/_cprequest.py", line 687, in _do_respond
  File "cherrypy/lib/encoding.py", line 219, in __call__
  File "cherrypy/lib/jsontools.py", line 59, in json_handler
  File "cherrypy/_cpdispatch.py", line 54, in __call__
  File "utils.py", line 321, in new_func
  File "client_api.py", line 2675, in guac_auth
  File "data/access_postgres.py", line 840, in updateKasm
  File "data/access_postgres.py", line 5233, in _save
  File "data/access_postgres.py", line 5230, in _save
  File "sqlalchemy/orm/session.py", line 1026, in commit
  File "sqlalchemy/orm/session.py", line 493, in commit
  File "sqlalchemy/orm/session.py", line 472, in _prepare_impl
  File "sqlalchemy/orm/session.py", line 2451, in flush
  File "sqlalchemy/orm/session.py", line 2589, in _flush
  File "sqlalchemy/util/langhelpers.py", line 68, in __exit__
  File "sqlalchemy/util/compat.py", line 129, in reraise
  File "sqlalchemy/orm/session.py", line 2549, in _flush
  File "sqlalchemy/orm/unitofwork.py", line 422, in execute
  File "sqlalchemy/orm/unitofwork.py", line 586, in execute
  File "sqlalchemy/orm/persistence.py", line 230, in save_obj
  File "sqlalchemy/orm/persistence.py", line 1008, in _emit_update_statements
sqlalchemy.orm.exc.StaleDataError: UPDATE statement on table 'kasms' expected to update 1 row(s); 0 were matched.

[bkcberry]

It seems to be working now. I went to Connection Proxies and changed the Server Address of the proxy to be the machine's local IP address

[mmcclaskey]

For a single server install, docker automatically creates host entry for each container by name, so the containers can reference each other by name. The 'proxy' is the nginx container. Sometimes, if the containers are started or restarted out of order, the container may not have the name translation. This is not supposed to happen, since the docker compose file ensures containers are started in the proper order. However, if you manually ran 'sudo docker restart kasm_guac' or similar commands, it may occur.

If issues like this happen, it is always best to run

sudo /opt/kasm/bin/stop
sudo /opt/kasm/bin/start

This will restart all kasm services and ensure they are started back up in the proper order.

[bkcberry]

I probably spent 10 hours across 3 complete reinstalls troubleshooting this problem, there is no way this was caused by services coming up in the wrong order. This is supported by the fact that everything worked correctly while using the cloudflare url from within my local network, but not from an external network. Everything started working correctly when I changed the entry for the proxy address

[mmcclaskey]

Sorry to hear it was such a headache for you. I offered only the most common issue. But given all the combinations of environments and configurations that users and drop kasm in, there are always a bunch of edge cases.

Can you provide a bit more detail. Was this VM deployed in the cloud and if so which one? I will try to replicate, want to get as close as possible.

[bkcberry]

I understand, just wanted to clarify. It's not in the cloud, I have the VM running in Proxmox

[Bearson2006]

I want to piggy back off this post, and say that I have the same issue:

I am using KASM on a local server. I set up a Cloudflare tunnel and having an issue with the connection proxies. When I use it on the local network, the connections through GUAC work fine. When I run it in the Cloudflare tunnel, the connection sits there loading and never starts. If I go to the local IP address of KASM and log in, I see the instance running and I can connect with no problem. Any Ideas? From what I can see it may be a proxy error between the Cloudflare connection when using GUAC connection proxy. What settings should we be using in the Infrastructure > Zones & Connection Proxies section

[bkcberry]

I haven't been able to get it to work reliably, which is extremely frustrating because the older version of kasm was rock solid and I used it almost daily. Remmina is a terrible workaround if you're desperate

[Bearson2006]

I didn't get a chance to try the older versions but this version seems to look very nice and well thought out.. now if we could just get it to work behind the cloud tunnel, I could test it out for my organization as during times when we do remote work from home this would be a great tool to use. I had our developer look at the output you posted and it is what I am seeing as well. He believes it's a bug as well.

[mmcclaskey]

@Bearson2006 @bkcberry

Please forgive my ignorance, I am not a cloudflare user, but I gave it a whirl using the docs here. I understand there are multiple ways to setup a cloudflare tunnel, and I am using the quick and dirty method. https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/trycloudflare/

Our how-to docs cover the more involved method. https://www.kasmweb.com/docs/latest/how_to/cloudflare_tunnels.html#cloudflare-tunnels

I did get it working with our standard installation with no changes to zone or global settings. This is not required for a single server install, however, there would likely be changes required for a multi-server installation behind cloudflare.

My very first RDP session did hang on the "Creating a Secure Connection" screen, but I was never able to replicate that. It occurred only once and I have created dozens of sessions with no issues.

Would you be able to try again using a standard installation with no changes to your global or zone settings.

Additionally, you may try our developer preview build... https://kasmweb-build-artifacts.s3.amazonaws.com/kasm_backend/branches/develop/kasm_workspaces_develop.tar.gz

[fish-not-phish]

I have a fresh install of Kasm (1.15.0) sitting on an Ubuntu VM on an ESXi host. The Windows VM I am attempting to connect to is on the same ESXi host. The goal is to VLAN the Windows VM from Kasm, but to use Cloudflare to connect via the tunnel. This would stop local communication, but I would still be able to access the RDP "externally" through the tunnel. For clarity, that is the end goal - the Windows VM is not currently VLAN'd yet as I wanted to test if I could set up the RDP before enabling the VLAN.

Cloudflare docs on how to create RDP access through cloudflared access.

My Kasm Web GUI (not RDP) is behind a Cloudflare tunnel itself and is accessible through the URL associated to the tunnel.

I have set up my Cloudflare tunnel (for RDP) and I am able to RDP from the Kasm VM guest via the terminal (for testing), just so I know that the tunnel is working properly. Essentially, I just punch this in my terminal:

/usr/local/bin/cloudflared access rdp --hostname rdp.example.com --url rdp://localhost:6666

Tested connection with this command from terminal: xfreerdp /v:rdp.example.com /u:<username> /p:<password>

I changed the port because my Windows VM is using 3389. The port 6666 (arbitrary port number) works fine though. I used FreeRDP from the terminal to test connectivity and it works. However, when I move over to try and RDP from Kasm using: Infrastructure > Server it no longer works.

I have read that a few folks set up a new Infrastructure > Zone for this and also configure a Infrastructure > Connection Proxies. I currently only have 1 Zone (the default one).

Right now I have reset my Infrastructure > Server so that I can just RDP locally:

• Deployment Zone: default
• Pool: -
• IP/Hostname: 192.168.0.X
• Connection Type: RDP
• Connection port: 3389
• Connection Username: <redacted>
• Connection Password: <redacted>

My Zone (default):

• Zone Name: default
• Allow Origin Domain: $request_host$
• Upstream Auth Address: proxy
• Load Balance Strategy: Least Load
• Proxy Hostname: $request_host$
• Proxy Path: desktop
• Proxy port: 0

My Connection Proxy (default):

• Server Address: proxy
• Server Port: 443
• Connection Type: GUAC
• Authentication Token: <redacted>
• Zone: default

I have read that folks change the Proxy Port to 0, and change the Upstream Auth Address and some other items, but it's never clear what values I need to place there. Has anyone gone through this process and willing to offer some advice? Any help is appreciated :)

[Bearson2006]

I tested it out over my mobile phone and it looks to be working without any problems when I go to start a container. My test container is always the Chrome app and Edge app. When I access Kasm through my tunnel/domain I can log in and start the app/container. It runs fine. My mobile phone is running Google Chrome 124.0.6367.82. When I run it on my Mac I get the problem, Chrome or Edge container gives me the establishing connection issue. Google Chrome 124.0.6367.92. I then tried it in Safari and it works just fine, and on my home device, Surface 8 with Chrome ver. 124.0.6367.61. Looks like it is working just fine as well. I can only suspect this is a happening on my particular version of Chrome on my Mac.

[jeffreybarrows]

It seems to be working now. I went to Connection Proxies and changed the Server Address of the proxy to be the machine's local IP address

Hello, just for clarification, since I am experiencing this same issue, you said that you went to Connection Proxies and changed the Server Address of the proxy to be the machine's local IP address. Is that the local ip address of the VM that Kasm is installed on? or is it the address of the Windows VM that you are trying to RDP to? Is your solution/workaround still working?

[twf0]

I think I have the same issue, I have KASM running on fresh installed ubuntu withe the single install script. I can access in local with https to kasm and load container but it's not working with domain (behind cloudflare) and a reverse proxy. (The reverse proxy is working because i can access the admin page)

It does not seem to be a client side issue. I read the docs and the troubleshooting docs, everything looks good and I also try to change the proxy connection setting to the ip of the KASM VM, no results.

• Ubuntu 22.04
• KASM 1.15.0.577587

I can provide any logs u want :)

[Bearson2006]

I would test it with multiple devices and browsers. You want to see if it will start in either of them locally, and then try the domain URL through Cloudflare. From what I was able to see, it was not working in Google Chrome on my policy-managed device. When I tried it through Safari it worked just fine. So in my case, a web filter is blocking it. You will also want to make sure you have set the proxy connection setting as well. This does seem to help.

[j-travis]

I would test it with multiple devices and browsers. You want to see if it will start in either of them locally, and then try the domain URL through Cloudflare. From what I was able to see, it was not working in Google Chrome on my policy-managed device. When I tried it through Safari it worked just fine. So in my case, a web filter is blocking it. You will also want to make sure you have set the proxy connection setting as well. This does seem to help.

Also when testing, always create new sessions, do not try to resume existing sessions

[pthoelken]

I have the same problem here. So sesssions with Ubuntu Desktop for example works fine ... but GUAC (Windows RDP) sessions absolutely not.

All the time, when I've try to access the RDP Session I've got these kind of errors.

My setup is also with Cloudflare and no CLoudflare proxy. So CF is a simple DNS service in this case. Is there any chance to solve this problem? Otherwise Kasm is not able to use for me.

[pthoelken]

@j-travis is this an existing bug in kasm? Many people getting in trouble with this.

[ramphex]

I have two similar errors in the log, not using cloudflare.

[server] Healthcheck failed for "kasm_proxy". Error: Request failed with status code 502

[server] Healthcheck failed for "proxy". Error: getaddrinfo ENOTFOUND proxy

[mrantillies]

I've done some testing on this, and as far as I can tell this only affects users running on Chrome based browsers. When using Firefox it can hang, but once you've got around it by launching the application again from the Kasm dashboard it launches all the time. Safari and Chromium based browsers all suffer from this though

[SomeRandomInternetGuyDotCom]

Just wanted to add my experience and some additional notes.

Having the same issue with RDP sessions in web native viewer hanging. This only happens in chrome or chromium based browsers (firefox works fine). This happens when accessing the server via CF tunnel or direct via reverse proxy (caddy in my case). Does not happen when accessing the server directly via IP (bypassing any sort of reverse proxy, CF or caddy).

The interesting thing is that this is ONLY with the session initiation. If you try it in chrome, then refresh while it is sitting on the "Setting up secure connection" screen it will then connect. Or if you go back and then resume the session, it will connect after the first failure. It almost seems like it is trying to connect too quickly to the RDP session before it is fully setup and then fails and gives up. But once the RDP session is established, it can connect the web viewer up with no problems.

As others I see numerous 500 errors when the connection is first being setup (this also happens in Firefox but I believe it is not impacted because firefox is auto retrying whereas chrome just gives up and stops). The 500 errors are only seeming to be registered in the browser, on the server when I look through the logs I don't see any errors.

This is ONLY impacting web view RDP, other Kasms work fine.
Using the RDP connection via https gateway rather than the web native viewer always works fine without issues.

Have tried the following with no change: Updated to the latest, 1.16.1, version Modified the proxy settings (set host name, FQDN, IP address, 'proxy') Modified proxy server (Guac) settings and hostname Modified all the settings in zones (flipped things on/off, etc) Modified port settings Rebooted server Routed traffic through different reverse proxy (CF to Caddy and vice versa) Tried external/internal via proxy (no difference) Tried different RDP endpoints (multiple servers, VMs, on same network, different networks, mesh VPNs, etc)

Also get application errors in browser when setting up connection, the normal error is just a kasm application error: rdp.js:4 Uncaught TypeError: window.kasm.Application is not a constructor at rdp.js:4:13 (anonymous) @ rdp.js:4

When this happens there is no websocket connection. When the session is resumed, the error isn't shown and then websocket connection works as does the rest of the webview session.

[zimmra]

Can confirm I'm experiencing the same with RDP sessions.

Refreshing in Chrome gets it to load eventually, but sometimes takes several refreshes.

Firefox doesn't seem to be impacted by the issue

The consistent errors I see in the console when it refuses to load is either

Application.js:26 Uncaught TypeError: Cannot read properties of undefined (reading 'debounce')
    at new Application (Application.js:26:42)
    at rdp.js:4:13
Application	@	Application.js:26
(anonymous)	@	rdp.js:4

or

utils.js:16 TypeError: Guacamole.WebSocketTunnel is not a constructor
    at Application.js:242:22
    at new Promise (<anonymous>)
    at Application._connectToGuac (Application.js:239:12)
    at Application.connect (Application.js:55:30)
    at rdp.js:20:17
    at window.kasm.utils.retryWithBackoff (utils.js:13:13)
    at rdp.js:19:29

or

rdp.js:4 Uncaught TypeError: window.kasm.Application is not a constructor
    at rdp.js:4:13
(anonymous)	@	rdp.js:4

[toxyl]

Same here, using the inspector I see it using the internal IP (192.168.x.x) of the kasm instance (when following the proxy setup) or proxy to connect to vnc.html. Obviously this won't help you much if you are running behind a reverse proxy. Looks like the field statusKasms.hostname in the file webpack://kasmweb/src/views/Kasm/Kasm.js is not populated correctly, instead of the correct hostname (as defined in /opt/kasm/current/conf/app/api.app.config.yaml) it uses the local IP.

be aware, though, that I'm using a custom reverse proxy and I was expecting potential issues with websockets, but I'm not even getting to that point and I assume using the IP as hostname should not be related to WS. I have verified that my reverse proxy is setting as headers as required. This also works for a couple of other services like Gitea and Grafana.

[FallenUnique]

Hi, i also want to chip in. I think i got a similar error with Cloudflare and my Oracle Cloud machine. When i access my KASM via the server Ip: "https://xx.xx.xx.xx:443" everything is super fast and works perfectly. When i access my KASM via the Domain "https://mydomain.com" i get a super slow but working connection.. and a bunch of error in my Logs like: application: rdp-https-gateway levelname: ERROR message Error making request: Get "https://xxxxxxx:443/api/__healthcheck": dial tcp 127.0.1.1:443: connect: connection refused

Any ideas what I could try to solve this?

[RLoris]

Hey people, my setup is as follow: cloudflare tunnel > cloudflare deamon > reverse proxy (zoraxy) > kasm (with a custom port since 443 is taken, say 4443). When using kasm locally, everything works and loads, when using kasm remotely, dashboard loads fine, but workspace session always displays "loading 100%" and never works because it's using the internal_ip:internal_port or container_name:internal_port (from what i can see in the network inspect tool), what I did is I rewrote the host header from my reverse proxy to be subdomain.domain.com so instead of using https://kasm:4443/desktop/... it uses https://subdomain.domain.com:4443/desktop, then to solve the port issue to use default https 443 port, I went to dashboard/admin/zones/default/edit/proxy_connections/proxy_port instead of using default value 4443, I set to 0 so it uses window.location.port, and now the session launches properly. In my reverse proxy, I use the container_name:port, but you can also set machine_ip:port to avoid rewriting the host. Anyway hope this helps

[mruizdia]

It seems to be working now. I went to Connection Proxies and changed the Server Address of the proxy to be the machine's local IP address

Hi, I'm having a similar issue, when you say that you changed the Server Address of the proxy to be the machine's local ip address, do you mean to the kasm server ip or the windows device you are connecting via rdp? Thanks..

[Ian-Kasmweb]

Hi @mruizdia @zimmra,

In our testing we have found that this issue occurs when client connections use HTTP/2.

If you have a paid plan with Cloudflare disabling HTTP/2 should resolve the issue.

If you do not have a paid plan with Cloudflare, we are currently in the process of releasing an update to our kasm-guac image that will better support HTTP/2 connections.

[mruizdia]

Hi! Thanks, in my case I don't have a paid plan, therefore I'll need to wait for the update release and test it again.

Looking forward to test it when available.

Thanks, Mauro.

---

From: Ian-Kasmweb @.> Sent: Friday, March 28, 2025 2:53 PM To: kasmtech/workspaces-issues @.> Cc: mruizdia @.>; Mention @.> Subject: Re: [kasmtech/workspaces-issues] [Bug] - Remote Desktop workspaces not working behind CloudFlare even after following docs to update default Zone (Issue #539)

Hi @mruizdiahttps://github.com/mruizdia @zimmrahttps://github.com/zimmra,

In our testing we have found that this issue occurs when client connections use HTTP/2.

If you have a paid plan with Cloudflare disabling HTTP/2 should resolve the issuehttps://developers.cloudflare.com/speed/optimization/protocol/http2/#disable-http2.

If you do not have a paid plan with Cloudflare, we are currently in the process of releasing an update to our kasm-guac image that will better support HTTP/2 connections.

— Reply to this email directly, view it on GitHubhttps://github.com/kasmtech/workspaces-issues/issues/539#issuecomment-2761433438, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJSKGNALVRUOKELWVNAWKJT2WVH6JAVCNFSM6AAAAABFTVWMRSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONRRGQZTGNBTHA. You are receiving this because you were mentioned.Message ID: @.***>

[Ian-Kasmweb]Ian-Kasmweb left a comment (kasmtech/workspaces-issues#539)https://github.com/kasmtech/workspaces-issues/issues/539#issuecomment-2761433438

Hi @mruizdiahttps://github.com/mruizdia @zimmrahttps://github.com/zimmra,

In our testing we have found that this issue occurs when client connections use HTTP/2.

If you have a paid plan with Cloudflare disabling HTTP/2 should resolve the issuehttps://developers.cloudflare.com/speed/optimization/protocol/http2/#disable-http2.

If you do not have a paid plan with Cloudflare, we are currently in the process of releasing an update to our kasm-guac image that will better support HTTP/2 connections.

— Reply to this email directly, view it on GitHubhttps://github.com/kasmtech/workspaces-issues/issues/539#issuecomment-2761433438, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJSKGNALVRUOKELWVNAWKJT2WVH6JAVCNFSM6AAAAABFTVWMRSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDONRRGQZTGNBTHA. You are receiving this because you were mentioned.Message ID: @.***>

[Ian-Kasmweb]

Hi @mruizdia and @zimmra ,

This issue should be resolved in the new Kasm 1.17.0 release.

Instructions on upgrading your existing installation can be found in the Kasm Documentation

[mruizdia]

Hi @mruizdia and @zimmra ,

This issue should be resolved in the new Kasm 1.17.0 release.

Instructions on upgrading your existing installation can be found in the Kasm Documentation

Hi Ian, thanks, I've running the new 1.17.0 release, unfortunately I still experience the same issue when I try to connect via cloudflare.

it works great when I locally connect using the IP address instead :(

any help is very appreciated. Thanks.

[Ian-Kasmweb]

@mruizdia what happens when you attempt to connect via the web-native client? That can be selected by editing the workspace and going the "RDP Client options" section and seelcting "Web-Native Client" from the dropdown.