from kasmweb 1.6.0

bin/start

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -e
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root"
+   exit 1
+fi
+
+KASM_VERSION="1.6.0"
+KASM_INSTALL_BASE="/opt/kasm/${KASM_VERSION}"
+
+pushd ${KASM_INSTALL_BASE}/docker > /dev/null
+
+# TODO: Start in daemon mode, run connectivity tests, tell the user how to access website
+echo "Starting Kasm Services"
+export KASM_UID=$(id kasm -u)
+export KASM_GID=$(id kasm -g)
+docker-compose up -d
+popd > /dev/null

bin/stop

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -e
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root"
+   exit 1
+fi
+
+KASM_VERSION="1.6.0"
+KASM_INSTALL_BASE="/opt/kasm/${KASM_VERSION}"
+
+pushd ${KASM_INSTALL_BASE}/docker > /dev/null
+
+echo "Stopping Kasm Services"
+export KASM_UID=$(id kasm -u)
+export KASM_GID=$(id kasm -g)
+docker-compose stop
+popd > /dev/null
+

bin/utils/db_backup

@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+set -e
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root"
+   exit 1
+fi
+
+function display_help() {
+   echo "Usage: ${0}"
+   echo "-f Path to kasm db backup file (tar)"
+   echo "-p Path to kasm installation desired for backup e.g /opt/kasm/1.0.0"
+   echo "-v Verbose output"
+}
+
+while getopts 'vf:p:' flag; do
+  case "${flag}" in
+    f)
+        DB_FILE=$OPTARG
+        ;;
+    p)
+        KASM_INSTALL_BASE=$OPTARG
+        ;;
+    v)
+        set -x
+        ;;
+    *)
+        error "Unexpected option ${flag}"
+        display_help
+        ;;
+  esac
+done
+
+if [ -z "$DB_FILE" ]; then
+    echo "Error -  No database file specified ! "
+    echo ""
+    display_help
+    exit 1
+fi
+
+if [ -z "$KASM_INSTALL_BASE" ]; then
+    echo "Error -  No kasm installation path specified ! "
+    echo ""
+    display_help
+    exit 1
+fi
+
+export KASM_UID=$(id kasm -u)
+export KASM_GID=$(id kasm -g)
+
+TEMP_DB_CONTAINER_NAME=temp_kasm_db_backup
+DB_BACKUP_DIR=$(dirname "${DB_FILE}")
+DB_BACKUP_FILE_NAME=$(basename "${DB_FILE}")
+
+
+pushd ${KASM_INSTALL_BASE}/docker > /dev/null
+echo "Removing Existing Database container"
+docker-compose rm -f db > /dev/null
+
+docker stop ${TEMP_DB_CONTAINER_NAME} || true && docker rm ${TEMP_DB_CONTAINER_NAME} || true
+
+echo "Creating temporary database backup container..."
+docker-compose run -v ${DB_BACKUP_DIR}:/tmp -d --name ${TEMP_DB_CONTAINER_NAME} db
+sleep 10
+
+echo "Executing Backup"
+docker exec ${TEMP_DB_CONTAINER_NAME} pg_dump -b -C -U kasmapp -Ft kasm -f /tmp/${DB_BACKUP_FILE_NAME}
+
+echo "Removing Temporary Backup Container"
+docker rm -f ${TEMP_DB_CONTAINER_NAME}
+
+echo "Database backup is at the following location: ${DB_FILE}"
+popd > /dev/null

bin/utils/db_init

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+set -e
+KASM_VERSION="1.6.0"
+KASM_INSTALL_BASE="/opt/kasm/${KASM_VERSION}"
+
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root"
+   exit 1
+fi
+
+function display_help() {
+   echo "Usage: ${0}"
+   echo "-h Display this help menu"
+   echo "-i initialize the database (delete and recreated schema)"
+   echo "-s Absolute path to the seed file (yaml)"
+   echo "-v Verbose output"
+
+}
+
+while getopts 'vihs:' flag; do
+  case "${flag}" in
+    h)
+        display_help
+        exit 0
+        ;;
+    s)
+        SEED_FILE=$OPTARG
+        SEED_FILE_NAME=$(basename ${SEED_FILE})
+        echo "Setting Seed file as ${SEED_FILE}"
+        ;;
+    i)
+        INITIALIZE_DATABASE="--initialize-database"
+        ;;
+    v)
+        set -x
+        ;;
+    *)
+        error "Unexpected option ${flag}"
+        display_help
+        ;;
+  esac
+done
+
+if [ -z "${SEED_FILE}" ]; then
+    echo "Error -  No seed file specified ! "
+    echo ""
+    display_help
+    exit 1
+fi
+
+export KASM_UID=$(id kasm -u)
+export KASM_GID=$(id kasm -g)
+
+pushd ${KASM_INSTALL_BASE}/docker > /dev/null
+
+# TODO Check of the db already exists or not
+set +e
+docker-compose stop
+docker kill kasm_db
+docker container rm kasm_db
+set -e
+
+if [ ! -z "${INITIALIZE_DATABASE}" ]; then
+    set +e
+    docker volume rm kasm_db_${KASM_VERSION}
+    set -e
+    docker volume create kasm_db_${KASM_VERSION}
+fi
+
+docker-compose up -d db
+sleep 5
+docker-compose  -f ${KASM_INSTALL_BASE}/docker/.conf/docker-compose-api.yaml run -v ${SEED_FILE}:/tmp/${SEED_FILE_NAME} --rm --entrypoint "/usr/bin/kasm_server.so ${INITIALIZE_DATABASE} --cfg /opt/kasm/current/conf/app/api.app.config.yaml --populate-production --seed-file /tmp/${SEED_FILE_NAME}" kasm_api
+docker-compose stop
+echo "Database Initialization Complete"
+popd > /dev/null

bin/utils/db_restore

@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+set -e
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root"
+   exit 1
+fi
+
+function verify() {
+    printf "\n\n"
+    echo "WARNING!!!"
+    echo "__________________________"
+    printf "\n\n"
+    echo "Contents of the existing database will be removed. This is irreversible!"
+    printf "\n"
+    read -p "Continue? (y/n) " choice
+    case "$choice" in
+      y|Y )
+        return
+        ;;
+      n|N )
+        echo "Exiting"
+        exit 1
+        ;;
+      * )
+        echo "Invalid Response"
+        echo "Exiting"
+        exit 1
+        ;;
+    esac
+
+}
+
+function display_help() {
+   echo "Usage: ${0}"
+   echo "-f Path to kasm db backup file (tar)"
+   echo "-p Path to kasm installation desired for restore e.g /opt/kasm/1.0.0"
+   echo "-v Verbose output"
+}
+
+
+while getopts 'vaf:p:' flag; do
+  case "${flag}" in
+    a)
+        ACCEPT_WARNING=true
+        ;;
+    f)
+        DB_FILE=$OPTARG
+        ;;
+    p)
+        KASM_INSTALL_BASE=$OPTARG
+        ;;
+    v)
+        set -x
+        ;;
+    *)
+        error "Unexpected option ${flag}"
+        display_help
+        ;;
+  esac
+done
+
+if [ -z "$DB_FILE" ]; then
+    echo "Error -  No database file specified ! "
+    echo ""
+    display_help
+    exit 1
+fi
+
+if [ -z "$KASM_INSTALL_BASE" ]; then
+    echo "Error -  No kasm installation path specified ! "
+    echo ""
+    display_help
+    exit 1
+fi
+
+if [ ! "${ACCEPT_WARNING}" = true ]
+then
+    verify
+fi
+
+
+TEMP_DB_BACKUP_PATH=${KASM_INSTALL_BASE}/conf/database/
+DB_BACKUP_DIR=$(dirname "${DB_FILE}")
+DB_BACKUP_FILE_NAME=$(basename "${DB_FILE}")
+
+
+cp ${DB_FILE} ${TEMP_DB_BACKUP_PATH}/${DB_BACKUP_FILE_NAME}
+
+pushd ${KASM_INSTALL_BASE}/docker > /dev/null
+
+
+export KASM_UID=$(id kasm -u)
+export KASM_GID=$(id kasm -g)
+
+
+echo "Stopping Services"
+sudo ${KASM_INSTALL_BASE}/bin/stop
+
+echo "Starting DB Service"
+docker-compose up -d db
+sleep 10
+
+echo "Executing restore"
+docker-compose exec db psql -e -U kasmapp -c "drop database if exists kasm;" postgres
+docker-compose exec db pg_restore -e -U kasmapp -Ft -C -d postgres /tmp/${DB_BACKUP_FILE_NAME}
+
+rm  ${TEMP_DB_BACKUP_PATH}/${DB_BACKUP_FILE_NAME}
+echo "Stopping Services"
+sudo ${KASM_INSTALL_BASE}/bin/stop
+
+
+echo "Restore Complete"
+popd > /dev/null
+
+

bin/utils/db_upgrade

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -e
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root"
+   exit 1
+fi
+
+export KASM_UID=$(id kasm -u)
+export KASM_GID=$(id kasm -g)
+
+
+
+function display_help() {
+   echo "Usage: ${0}"
+   echo "-p Path to kasm installation to upgrade e.g /opt/kasm/1.0.0"
+   echo "-v Verbose output"
+}
+
+while getopts 'vp:' flag; do
+  case "${flag}" in
+    p)
+        KASM_INSTALL_BASE=$OPTARG
+        ;;
+    v)
+        set -x
+        ;;
+    *)
+        error "Unexpected option ${flag}"
+        display_help
+        ;;
+  esac
+done
+
+if [ -z "$KASM_INSTALL_BASE" ]; then
+    echo "Error -  No kasm installation path specified ! "
+    echo ""
+    display_help
+    exit 1
+fi
+
+pushd ${KASM_INSTALL_BASE}/docker > /dev/null
+
+
+echo "Removing Existing Database container"
+
+echo "Stopping Services"
+${KASM_INSTALL_BASE}/bin/stop
+
+docker-compose rm -f db
+
+
+docker-compose -f ${KASM_INSTALL_BASE}/docker/.conf/docker-compose-all.yaml rm -f db
+docker-compose -f ${KASM_INSTALL_BASE}/docker/.conf/docker-compose-all.yaml up -d db
+sleep 10
+
+set +e
+docker-compose -f ${KASM_INSTALL_BASE}/docker/.conf/docker-compose-all.yaml  run --rm --entrypoint "/usr/bin/kasm_server.so --upgrade-database --cfg /opt/kasm/current/conf/app/api.app.config.yaml" kasm_api
+set -e
+docker-compose -f ${KASM_INSTALL_BASE}/docker/.conf/docker-compose-all.yaml stop
+docker-compose -f ${KASM_INSTALL_BASE}/docker/.conf/docker-compose-all.yaml rm -f kasm_api
+docker-compose -f ${KASM_INSTALL_BASE}/docker/.conf/docker-compose-all.yaml rm -f db
+echo "Database Upgrade Complete"
+popd > /dev/null

conf/app/agent.app.config.yaml

@@ -0,0 +1,64 @@
+agent:
+  default_host_key: 1234
+  heartbeat_interval: 10000
+  images_interval: 300
+  nginx_container_dir: /etc/nginx/conf.d/containers.d/
+  port: 4444
+  provider: hardware
+  public_hostname: proxy
+  public_port: 443
+  server_id: A0EEBC99-9C0B-4EF8-BB6D-6BB9BD380A11
+  starting_nginx_port: 5971
+  docker_port_listen_addr: 'localhost'
+  type: host
+  validate_images: true
+  auto_generate_kasm_docker_networks: false
+  remove_failed_containers: true
+  log_heartbeat_data: false
+  docker_script_timeout: 180
+  persist_config_updates: true
+  persist_config_interval: 100000
+manager:
+  client_cert: /srv/provision_agent/client_cert.pem
+  heartbeat_path: /manager_api/api/v1/heartbeat
+  images_path: /manager_api/api/v1/images
+  hostnames: ['proxy']
+  public_port: 443
+  scheme: https
+  server_cert: /srv/provision_agent/server_cert.pem
+  token: a5b89ebd-779e-4bcf-9040-115fdab1056a
+logging:
+  agent:
+    formatters:
+      logmatic:
+        (): logmatic.JsonFormatter
+      standard:
+        format: '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
+    handlers:
+      file_handler:
+        backupCount: 5
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/agent.log
+        formatter: standard
+        level: DEBUG
+        maxBytes: 10485760
+      stream:
+        class: logging.StreamHandler
+        formatter: standard
+        level: DEBUG
+      syslog:
+        class: logging.handlers.SysLogHandler
+        formatter: logmatic
+        level: DEBUG
+    loggers:
+      ? ''
+      : handlers:
+        - stream
+        - syslog
+        - file_handler
+        level: DEBUG
+        propagate: true
+      tornado:
+        level: INFO
+    version: 1

conf/app/api.app.config.yaml

@@ -0,0 +1,235 @@
+database:
+  name: kasm
+  username: kasmapp
+  password: changeme
+  host: db
+  port: 5432
+  type: postgres
+redis:
+  host: kasm_redis
+  port: 6379
+  redis_password: changeme
+logging:
+  agent:
+    formatters:
+      logmatic:
+        (): logmatic.JsonFormatter
+      standard:
+        format: '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
+    handlers:
+      file_handler:
+        backupCount: 20
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/agent.log
+        formatter: standard
+        level: DEBUG
+        maxBytes: 10485760
+      stream:
+        class: logging.StreamHandler
+        formatter: standard
+        level: INFO
+      syslog:
+        class: logging.handlers.SysLogHandler
+        formatter: logmatic
+        level: DEBUG
+    loggers:
+      ? ''
+      : handlers:
+        - stream
+        - syslog
+        - file_handler
+        level: DEBUG
+        propagate: true
+    version: 1
+  kasm_share:
+    formatters:
+      logmatic:
+        (): logmatic.JsonFormatter
+      standard:
+        format: '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
+    handlers:
+      file_handler:
+        backupCount: 20
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/share.log
+        formatter: standard
+        level: DEBUG
+        maxBytes: 10485760
+      stream:
+        class: logging.StreamHandler
+        formatter: standard
+        level: DEBUG
+      syslog:
+        class: logging.handlers.SysLogHandler
+        formatter: logmatic
+        level: DEBUG
+    loggers:
+      ? ''
+      : handlers:
+        - stream
+        - syslog
+        - file_handler
+        level: DEBUG
+        propagate: true
+      tornado.application:
+        level: DEBUG
+      tornado.access:
+        level: DEBUG
+      tornado.general:
+        level: DEBUG
+    version: 1
+  manager_api_server:
+    filters:
+      forwarded_log_filter:
+        (): log.handlers.ForwardedLogFilter
+    formatters:
+      logmatic:
+        (): logmatic.JsonFormatter
+      standard:
+        format: '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
+    handlers:
+      file_handler:
+        backupCount: 20
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/manager_api_server.log
+        formatter: standard
+        level: DEBUG
+        maxBytes: 10485760
+        filters: [ forwarded_log_filter ]
+      stream:
+        class: logging.StreamHandler
+        formatter: standard
+        level: INFO
+        filters: [ forwarded_log_filter ]
+      syslog:
+        class: logging.handlers.SysLogHandler
+        formatter: logmatic
+        level: DEBUG
+        filters: [ forwarded_log_filter ]
+    loggers:
+      ? ''
+      : handlers:
+        - stream
+        - syslog
+        - file_handler
+        level: DEBUG
+        propagate: true
+      __main__.handler:
+        level: DEBUG
+      provider_manager:
+        level: DEBUG
+      provider:
+        level: DEBUG
+      tornado:
+        level: INFO
+      sqlalchemy.pool:
+        level: WARNING
+      sqlalchemy.engine:
+        level: WARNING
+      sqlalchemy.dialects:
+        level: WARNING
+      sqlalchemy.orm:
+        level: WARNING
+    version: 1
+  api_server:
+    filters:
+      request_context_filter:
+        (): utils.RequestContextFilter
+    formatters:
+      logmatic:
+        (): logmatic.JsonFormatter
+      standard:
+        format: '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
+    handlers:
+      file_handler:
+        backupCount: 20
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/api_server.log
+        formatter: standard
+        level: DEBUG
+        maxBytes: 10485760
+      file_handler_json:
+        backupCount: 20
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/api_server_json.log
+        formatter: logmatic
+        level: DEBUG
+        maxBytes: 10485760
+        filters: [request_context_filter]
+      subscription_file_handler:
+        backupCount: 20
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/subscription_api_server.log
+        formatter: standard
+        level: DEBUG
+        maxBytes: 10485760
+      admin_file_handler:
+        backupCount: 20
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/admin_api_server.log
+        formatter: standard
+        level: DEBUG
+        maxBytes: 10485760
+      client_file_handler:
+        backupCount: 20
+        class: logging.handlers.RotatingFileHandler
+        encoding: utf8
+        filename: /opt/kasm/current/log/client_api_server.log
+        formatter: standard
+        level: DEBUG
+        maxBytes: 10485760
+      stream:
+        class: logging.StreamHandler
+        formatter: standard
+        level: DEBUG
+      syslog:
+        class: logging.handlers.SysLogHandler
+        formatter: logmatic
+        level: DEBUG
+    loggers:
+      ? ''
+      : handlers:
+        - stream
+        - syslog
+        - file_handler
+        - file_handler_json
+        level: DEBUG
+        propagate: true
+      client_api_server:
+        handlers:
+          - client_file_handler
+      admin_api_server:
+        handlers:
+          - admin_file_handler
+      subscription_api_server:
+        handlers:
+          - subscription_file_handler
+      cherrypy.error:
+        level: INFO
+      cherrypy.access:
+        level: INFO
+      sqlalchemy.pool:
+        level: WARNING
+      sqlalchemy.engine:
+        level: WARNING
+      sqlalchemy.dialects:
+        level: WARNING
+      sqlalchemy.orm:
+        level: WARNING
+    version: 1
+manager:
+  manager_id: null
+  update_timer: 86400
+server:
+  server_id: null
+  server_hostname: null
+  zone_name: default
+share:
+  share_id: null

conf/database/data.sql

@@ -0,0 +1,2 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA public;
+COMMENT ON EXTENSION "uuid-ossp" IS 'generate universally unique identifiers (UUIDs)';

conf/database/seed_data/default_properties.yaml

@@ -0,0 +1,441 @@
+global_settings:
+  logging:
+    log_protocol:
+      title: Log Protocol
+      value: internal
+      value_type: string
+      restart: manager,api
+      description: The logging protocol used, allowed values are internal, https, splunk, and elasticsearch
+    log_port:
+      title: Log Port
+      value: 443
+      value_type: int
+      restart: manager,api
+      description: The port to use for logging communication.
+    log_host:
+      title: Log Host
+      value: None
+      value_type: string
+      restart: manager,api
+      description: The hostname or IP address of the remote logging server, not applicable for internal logging.
+    hec_token:
+      title: Splunk HEC Token
+      value: None
+      value_type: string
+      restart: manager,api
+      description: The Splunk HEC token used for authentication of logs to a Splunk server.
+    https_insecure:
+      title: Disable Log Certificate Validation
+      value: true
+      value_type: bool
+      restart: manager,api
+      description: Set to true if the remote logging server does not have a valid signed cert by a public certificate authority.
+    http_method:
+      title: HTTP Method
+      value: post
+      value_type: string
+      restart: manager,api
+      description: HTTP method to use, valid values are post and put. Splunk uses POST while ElasticSearch API uses PUT
+    url_endpoint:
+      title: URL Endpoint
+      value: /services/collector/event
+      value_type: string
+      restart: manager,api
+      description: The Splunk endpoint, most likely /service/collector/event. For ElasticSearch it would be index/_doc/.
+    log_retention:
+      title: Log Retention
+      value: 7
+      value_type: int
+      description: "Number of days to retain local Kasm logs. WARNING - See Kasm documentation before adjusting."
+    debug_retention:
+      title: Debug Log Retention
+      value: 4
+      value_type: int
+      description: "Number of hours to retain local Kasm debug logs. WARNING - See Kasm documentation before adjusting."
+  auth:
+    notice_message:
+      value:
+      value_type: multiline_string
+      title: Notice Message
+      description: Login notice banner message.
+    login_assistance:
+      value:
+      title: Login Assistance
+      value_type: String
+      description: Enables a Login Assitance link on the login page to the entered URL. Not shown if value is empty.
+    enable_kasm_auth:
+      title: Enable Kasm Authorization
+      value: true
+      value_type: bool
+      description: Require client requests to the Kasm for content such as downloads and uploads to be authenticated with the user's current session token.
+    kasm_auth_domain:
+      title: Kasm Authorization Domain
+      value: $request_host$
+      value_type: string
+      description: Override the domain used in the Kasm session cookie.
+    max_login_attempts:
+      title: Max Login Attempts
+      name: max_login_attempts
+      value: 5
+      value_type: int
+      description: The number of invalid login attempts before an account is locked out. This setting only applies to local accounts.
+    session_lifetime:
+      title: Session Lifetime
+      value: 288000
+      value_type: int
+      description: The number of seconds a session token is valid for.
+  manager:
+    update_check:
+      title: Update Check
+      value: true
+      value_type: bool
+      description: This Setting will stop the manager from checking for Kasm system updates.
+    agent_version:
+      title: Agent Version
+      value: 1
+      value_type: string
+      description: This setting is used to restrict which versions of the Kasm Agent are allowed to communicate with the Manager.
+    primary_manager_timeout:
+      title: Primary Manager Timeout
+      restart: manager
+      value: 180
+      value_type: int
+      description: The number of seconds until the primary manager is considered unavailable. If other managers are alive one will take over the primary role.
+    same_zone_reply:
+      title: Same Zone Reply
+      restart: manager
+      value: true
+      value_type: bool
+      description: If set to true, a manager will only reply to agent heartbeats with a list of managers in the same zone as itself. Otherwise a list of all managers is given. This allows Agents to failover to managers in other zones.
+    token:
+      title: Token
+      restart: manager
+      value: a5b89ebd-779e-4bcf-9040-115fdab1056a
+      value_type: string
+      description: An authentication token used the communication between Kasm Agents and the Manager API server.
+  nginx:
+    cert_in:
+      title: Certificate In
+      value: /opt/kasm/current/certs/kasm_nginx.crt
+      value_type: string
+      description: The nginx cert will be read from this location on the Manager API server when automatically provisioning Agents.
+    cert_out:
+      title: Certificate Out
+      value: /opt/kasm/current/certs/kasm_nginx.crt
+      value_type: string
+      description: The nginx cert will be placed at this directory path for automatically provisioned Agents
+    key_in:
+      title: Key In
+      value: /opt/kasm/current/certs/kasm_nginx.key
+      value_type: string
+      description: The nginx key will be read from this location on the Manager API server when automatically provisioning Agents.
+    key_out:
+      title: Key Out
+      value: /opt/kasm/current/certs/kasm_nginx.key
+      value_type: string
+      description: The nginx key will be placed at this directory path for automatically provisioned Agents.
+    proxy_connections:
+      title: Proxy Connections
+      value: true
+      value_type: bool
+      description: When creating a Kasm, instruct the client to connect to the Kasm via another proxy server. When false, the client connects directly to the Kasm via the Agent's address.
+    proxy_hostname:
+      title: Proxy Hostname
+      value: $request_host$
+      value_type: string
+      description: The IP or DNS name used in the url for proxied connections to the Kasm i.e (https://<proxy_hostname>:<proxy_port>/<proxy_path>) . This setting only applies if proxy_connections is set to true.
+    proxy_path:
+      title: Proxy Path
+      value: desktop
+      value_type: string
+      description: The url path used in the proxied connections. i.e (https://<proxy_hostname>:<proxy_port>/<proxy_path>) . This setting only applies if proxy_connections is set to true.
+    proxy_port:
+      value: 443
+      value_type: int
+      description: The Port used in the proxied connection url. i.e (https://<proxy_hostname>:<proxy_port>/<proxy_path>) . This setting only applies if proxy_connections is set to true.
+      title: Proxy Port
+  scale:
+    default_image_cores:
+      title: Default Image Cores
+      value: 1
+      value_type: float
+      description: When dynamic agent provisioning is enabled, this system calculates the number of Kasms that could be provisioned at the time. This setting represents the Kasm Image cores configuration that should be used during the calculation.
+    default_image_memory_gb:
+      title: Default Image Memory(GB)
+      value: 1
+      value_type: float
+      description: When dynamic agent provisioning is enabled, this system calculates the number of Kasms that could be provisioned at the time. This setting represents the Kasm Image memory configuration , in gigabytes, that should be used during the calculation.
+    guardian_interval:
+      title: Guardian Interval
+      value: 15
+      value_type: int
+      description: The number of seconds between the Manager API inspection of existing Agent, and Kasm availability.
+    guardian_provision_threads:
+      title: Guardian Provision Threads
+      value: 10
+      value_type: int
+      description: The number of threads the Manager API server uses for teardown and provision tasks.
+    host_dead_expiration:
+      title: Host Dead Expiration
+      value: 240
+      value_type: int
+      description: The number of seconds since an Agent's last check-in before marking it as dead. Dead servers are automatically destroyed if they were dynamically provisioned.
+    host_missing_expiration:
+      title: Host Missing Expiration
+      value: 120
+      value_type: int
+      description: The number of seconds since an Agent's last check-in before marking it as dead.
+    keepalive_expiration:
+      title: Keep Alive Expiration
+      value: 3600
+      value_type: int
+      description: Clients regularly send keepalive requests when logged into a Kasm. This value is the number of seconds a Kasm will remain active after the last keepalive is received.
+  images:
+    add_images_to_default_group:
+      title: Add Images to Default Group
+      value: true
+      value_type: bool
+      description: Automatically add images to default group when new images are added.
+group_settings:
+  administrator:
+    description: Allows users to see and edit all attributes of the Kasm application.
+    value: 'True'
+    value_type: bool
+  allow_kasm_audio:
+    description: Allow audio streaming for a Kasm.
+    value: 'True'
+    value_type: bool
+  allow_kasm_clipboard_down:
+    description: Allows users to paste text from the Kasm to their local computer.
+    value: 'True'
+    value_type: bool
+  allow_kasm_clipboard_seamless:
+    description: Allows users to copy and paste text without using Kasm control panel.
+    value: 'True'
+    value_type: bool
+  allow_kasm_clipboard_up:
+    description: Allow users to paste from their local computer to the Kasm.
+    value: 'True'
+    value_type: bool
+  allow_kasm_downloads:
+    description: Allow users to download files from a Kasm.
+    value: 'True'
+    value_type: bool
+  allow_kasm_uploads:
+    description: Allow users to upload files to a Kasm.
+    value: 'True'
+    value_type: bool
+  allow_persistent_profile:
+    description: Allow the use of persistent profiles if configured on the Kasm Image.
+    value: 'True'
+    value_type: bool
+  allow_point_of_presence:
+    description: Allow the user to use point of presence features for certain Images.
+    value: 'True'
+    value_type: bool
+  allow_kasm_sharing:
+    description: Allow the user to share access to Kasms with other users.
+    value: 'True'
+    value_type: bool
+  expose_user_environment_vars:
+    description: Expose KASM_USER and KASM_USER_ID environment variables inside the Kasm.
+    value: 'False'
+    value_type: bool
+  idle_disconnect:
+    description: Disconnect the Kasm connection if idle for this long. Time specified in minutes.
+    value: '20'
+    value_type: float
+  kasm_audio_default_on:
+    description: Default to audio enabled on Kasm start
+    value: 'True'
+    value_type: bool
+  keepalive_expiration:
+    description: The number of seconds a Kasm will stay alive unless a keeplive request is sent from the client.
+    value: '3600'
+    value_type: int
+  max_kasms_per_user:
+    description: The maximum number of simultaneous Kasms a users is allowed to provision.
+    value: '2'
+    value_type: int
+  enable_webp:
+    description: Enable webp image compression for compatible browsers. This will increase server side processing requirements but cut bandwidth by 30 percent.
+    value: 'False'
+    value_type: bool
+  run_config:
+    description: Specify arbitrary docker run params.
+    value: '{}'
+    value_type: json
+  default_image:
+    description: Sets the Default image for the /go route. Will automatically provision this kasm image.
+    value: ''
+    value_type: image
+  enable_totp_two_factor:
+    description: "Enables two factor authentication for group. Users will be prompted to set Key on next log on."
+    value: 'False'
+    value_type: bool
+  volume_mapping:
+    description: "\n        \tMap a local server directory to kasm. The format is\
+      \ in json. \n        \tExample: {\"/data/departments/sales\": {\"bind\": \"\
+      /headless/documents/sales\", \"mode\": \"rw\"} \n        \tThis example mounts\
+      \ a directory on the local server, /data/department/sales to the container \n\
+      \        \tat the location /shares/sales with read and write permissions. \n\
+      \        \tIn order for the user in the Kasm to have write permissions on the\
+      \ mount the permissions \n        \ton the server must allow read, write, execute\
+      \ for ALL users. This is because the \n        \tuser running inside the Kasm\
+      \ is not a valid user on the server.\n        \t"
+    value: ''
+    value_type: json
+  auto_login_to_kasm:
+    description: Sends users directly to kasm using default image after login
+    value: 'False'
+    value_type: bool
+  chat_history_messages:
+    description: The number of chat history messages to show when a new user connects to a shared Kasm. Set this value to 0 to disable showing chat history.
+    value: 0
+    value_type: int
+  lock_sharing_video_mode:
+    description: Locks video quality to static resolution of 720p when sharing is enabled. Recomended for best performance.
+    value: 'True'
+    value_type: bool
+groups:
+  Administrators:
+    description: Default Administrators Group
+    is_system: true
+    priority: 1
+    settings:
+      administrator:
+        value: 'True'
+      allow_kasm_audio:
+        value: 'True'
+      allow_kasm_clipboard_down:
+        value: 'True'
+      allow_kasm_clipboard_seamless:
+        value: 'True'
+      allow_kasm_clipboard_up:
+        value: 'True'
+      allow_kasm_downloads:
+        value: 'True'
+      allow_kasm_uploads:
+        value: 'True'
+      allow_persistent_profile:
+        value: 'True'
+      allow_point_of_presence:
+        value: 'True'
+      allow_kasm_sharing:
+        value: 'True'
+      expose_user_environment_vars:
+        value: 'True'
+      idle_disconnect:
+        value: '20'
+      kasm_audio_default_on:
+        value: 'True'
+      keepalive_expiration:
+        value: '3600'
+      run_config:
+        value: '{"environment": {"GROUP": "%s"}}'
+images:
+  Kasm Desktop:
+    cores: 1.0
+    description: Kasm Desktop Environment
+    docker_registry: https://index.docker.io/v1/
+    enabled: true
+    image_id: 11111111-1111-1111-1111-111111111111
+    image_src: img/thumbnails/desktop.png
+    available: false
+    memory: 768000000
+    name: kasmweb/desktop:1.6.0
+    run_config: '{"hostname": "kasm"}'
+    x_res: 800
+    y_res: 600
+  Kasm Desktop Deluxe:
+    description: Kasm Desktop Environment with additional productivity Software
+    docker_registry: https://index.docker.io/v1/
+    name: kasmweb/desktop-deluxe:1.6.0
+    run_config: '{"hostname": "kasm"}'
+    image_src: img/thumbnails/desktop-deluxe.png
+    available: false
+  Kasm Firefox:
+    description: 'Single-Application : Firefox'
+    docker_registry: https://index.docker.io/v1/
+    image_id: 22222222-2222-2222-2222-222222222222
+    image_src: img/thumbnails/firefox.png
+    available: false
+    name: kasmweb/firefox:1.6.0
+    run_config: '{"hostname": "kasm"}'
+    exec_config: '{"first_launch":{"cmd":"bash -c ''firefox -width ${VNC_RESOLUTION/x*/} -height ${VNC_RESOLUTION/*x/} --new-tab \"$KASM_URL\"''"},"go":{"cmd":"bash -c ''firefox -width ${VNC_RESOLUTION/x*/} -height ${VNC_RESOLUTION/*x/} --new-tab \"$KASM_URL\"''"}}'
+  Kasm Firefox for Touch:
+    description: 'Single-Application : Firefox for Touch and Mobile Systems'
+    docker_registry: https://index.docker.io/v1/
+    name: kasmweb/firefox-mobile:1.6.0
+    run_config: '{"hostname": "kasm"}'
+    image_src: img/thumbnails/touch.png
+    available: false
+  Kasm Chrome:
+    description: 'Single-Application : Chrome'
+    docker_registry: https://index.docker.io/v1/
+    image_src: img/thumbnails/chrome.png
+    available: false
+    name: kasmweb/chrome:1.6.0
+    run_config: '{"hostname": "kasm"}'
+    exec_config: '{"first_launch":{"environment": {"LAUNCH_URL": ""}, "cmd":"bash -c ''google-chrome --start-maximized \"$KASM_URL\"''"},"go":{"cmd":"bash -c ''google-chrome --start-maximized \"$KASM_URL\"''"}}'
+  Kasm Tor-Browser:
+    description: 'Single-Application : Tor-Browser'
+    docker_registry: https://index.docker.io/v1/
+    image_src: img/thumbnails/tor-browser.png
+    available: false
+    name: kasmweb/tor-browser:1.6.0
+    run_config: '{"hostname": "kasm"}'
+    exec_config: '{"first_launch":{"environment": {"LAUNCH_URL": ""}, "cmd":"bash -c ''/tmp/tor-browser_en-US/Browser/start-tor-browser --detach --allow-remote --new-tab  \"$KASM_URL\"''"},"go":{"cmd":"bash -c ''/tmp/tor-browser_en-US/Browser/start-tor-browser --detach --allow-remote --new-tab --detach \"$KASM_URL\"''"}}'
+users:
+  admin@kasm.local:
+    groups:
+      Administrators: {}
+    password: admin
+  user@kasm.local:
+    password: user
+zones:
+  default:
+    minimum_available_slots: 0
+    aws_enabled: False
+    aws_region: us-east-1
+    aws_access_key_id: changeme
+    aws_secret_access_key: changeme
+    ec2_agent_ami_id: ami-aa2ea6d0
+    ec2_agent_instance_type: t3.micro
+    ec2_agent_cores_override: 2
+    ec2_agent_memory_override_gb: 1
+    ec2_agent_key_pair_name: Production
+    aws_max_ec2_nodes: 10
+    ec2_agent_security_group_id: sg-0a0bb97e
+    ec2_agent_subnet_id: subnet-f8e008f7
+    ec2_agent_iam: CloudWatchRole
+    ec2_agent_ebs_volume_type: gp2
+    ec2_agent_ebs_volume_size_gb: 20
+    ec2_agent_startup_script: |
+        #!/bin/bash
+
+        echo ''Starting Docker''
+
+        set -x
+
+        bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=2048
+
+        /sbin/mkswap /var/swap.1
+
+        chmod 600 /var/swap.1
+
+        /sbin/swapon /var/swap.1
+
+        cd /tmp
+
+        wget {release_url} -O kasm_backend.tar.gz
+
+        tar -xf kasm_backend.tar.gz
+
+        PUBLIC_DNS=(`curl -s http://169.254.169.254/latest/meta-data/hostname`)
+
+        bash kasm_release/install.sh -e -a -p $PUBLIC_DNS -m {manager_hostname} -i {server_id} -r aws
+
+        echo -e "{nginx_cert_in}" > {nginx_cert_out}
+
+        echo -e "{nginx_key_in}" > {nginx_key_out}

conf/nginx/orchestrator.conf

@@ -0,0 +1,16 @@
+server {
+
+    listen 443 ssl;
+    server_name ubuntu-base;
+
+    ssl_certificate /etc/ssl/certs/kasm_nginx.crt;
+    ssl_certificate_key /etc/ssl/private/kasm_nginx.key;
+    ssl_protocols   TLSv1.2;
+    ssl_prefer_server_ciphers   on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+    include /etc/nginx/conf.d/services.d/*.conf;
+    include /etc/nginx/conf.d/containers.d/*.conf;
+
+    client_max_body_size 1G;
+}

conf/nginx/services.d/admin_api.conf

@@ -0,0 +1,11 @@
+location /api/admin/ {
+		proxy_http_version	1.1;
+		proxy_set_header	Host $host;
+		proxy_set_header	Upgrade $http_upgrade;
+		proxy_set_header	Connection "upgrade";
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+
+		proxy_pass	http://kasm_api;
+    }

conf/nginx/services.d/agent.conf

@@ -0,0 +1,11 @@
+location /agent/ {
+		proxy_http_version	1.1;
+		proxy_set_header	Host $host;
+		proxy_set_header	Upgrade $http_upgrade;
+		proxy_set_header	Connection "upgrade";
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+
+		proxy_pass	http://kasm_agent/;
+}

conf/nginx/services.d/client_api.conf

@@ -0,0 +1,10 @@
+location /api/ {
+        proxy_http_version	1.1;
+        proxy_set_header	Host $host;
+        proxy_set_header	Upgrade $http_upgrade;
+        proxy_set_header	Connection "upgrade";
+        proxy_set_header	X-Real-IP $remote_addr;
+        proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header	X-Forwarded-Proto $scheme;
+        proxy_pass	http://kasm_api;
+    }

conf/nginx/services.d/manager_api.conf

@@ -0,0 +1,11 @@
+location /manager_api/ {
+		proxy_http_version	1.1;
+		proxy_set_header	Host $host;
+		proxy_set_header	Upgrade $http_upgrade;
+		proxy_set_header	Connection "upgrade";
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+
+		proxy_pass	http://kasm_manager/;
+}

conf/nginx/services.d/share_api.conf

@@ -0,0 +1,10 @@
+location /api/share/ {
+        proxy_http_version	1.1;
+        proxy_set_header	Host $host;
+        proxy_set_header	Upgrade $http_upgrade;
+        proxy_set_header	Connection "upgrade";
+        proxy_set_header	X-Real-IP $remote_addr;
+        proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header	X-Forwarded-Proto $scheme;
+        proxy_pass	http://kasm_share;
+    }

conf/nginx/services.d/subscription_api.conf

@@ -0,0 +1,11 @@
+location /api/subscriptions/ {
+		proxy_http_version	1.1;
+		proxy_set_header	Host $host;
+		proxy_set_header	Upgrade $http_upgrade;
+		proxy_set_header	Connection "upgrade";
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+
+		proxy_pass	http://kasm_api;
+    }

conf/nginx/services.d/upstream_proxy.conf

@@ -0,0 +1,19 @@
+# resolver 172.30.0.2;
+location /desktop/ {
+                proxy_http_version      1.1;
+                proxy_set_header        Host $host;
+                proxy_set_header        Upgrade $http_upgrade;
+                proxy_set_header        Connection "upgrade";
+                proxy_set_header        X-Real-IP $remote_addr;
+                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header        X-Forwarded-Proto $scheme;
+                rewrite ^/desktop/(.*) /$1 break;
+                proxy_pass      https://$cookie_host:$cookie_port;
+                proxy_read_timeout      1800s;
+                proxy_send_timeout      1800s;
+                proxy_connect_timeout   1800s;
+                proxy_buffering         off;
+                client_max_body_size 1G;
+                expires                 4h;
+                add_header              Cache-Control "private";
+}

conf/nginx/services.d/website.conf

@@ -0,0 +1,6 @@
+location / {
+        expires                 4h;
+        add_header              Cache-Control "private";
+
+        root /srv/www;
+    }

conf/nginx/upstream_agent.conf

@@ -0,0 +1,3 @@
+    upstream kasm_agent {
+      server kasm_agent:4444;
+    }

conf/nginx/upstream_api.conf

@@ -0,0 +1,3 @@
+    upstream kasm_api {
+      server kasm_api:8080;
+    }

conf/nginx/upstream_manager.conf

@@ -0,0 +1,3 @@
+    upstream kasm_manager {
+      server kasm_manager:8181;
+    }

conf/nginx/upstream_share.conf

@@ -0,0 +1,3 @@
+    upstream kasm_share {
+      server kasm_share:8182;
+    }

docker/docker-compose-agent.yaml

@@ -0,0 +1,34 @@
+version: '3'
+services:
+  kasm_agent:
+    container_name: kasm_agent
+    user: root
+    image: "kasmweb/agent:1.6.0"
+    ports:
+      - "4444"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0:/opt/kasm/current
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /usr/bin/docker:/usr/bin/docker
+      - /opt/kasm/1.6.0/conf/nginx:/etc/nginx/conf.d
+    restart: always
+  proxy:
+    container_name: kasm_proxy
+    image: "nginx:alpine"
+    ports:
+      - "443:443"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0/conf/nginx:/etc/nginx/conf.d:ro
+      - /opt/kasm/1.6.0/certs/kasm_nginx.key:/etc/ssl/private/kasm_nginx.key
+      - /opt/kasm/1.6.0/certs/kasm_nginx.crt:/etc/ssl/certs/kasm_nginx.crt
+      - /opt/kasm/1.6.0/www:/srv/www:ro
+    restart: always
+    depends_on:
+      - kasm_agent
+networks:
+  kasm_default_network:
+    external: true

docker/docker-compose-all.yaml

@@ -0,0 +1,113 @@
+version: '3'
+services:
+  db:
+    container_name: kasm_db
+    image: postgres:9.5-alpine
+    restart: always
+    ports:
+      - "5432:5432"
+    networks:
+      - kasm_default_network
+    environment:
+      POSTGRES_PASSWORD: changeme
+      POSTGRES_USER: kasmapp
+      POSTGRES_DB: kasm
+    volumes:
+      - /opt/kasm/1.6.0/conf/database/data.sql:/docker-entrypoint-initdb.d/data.sql
+      - /opt/kasm/1.6.0/conf/database/:/tmp/
+      - kasm_db_1.6.0:/var/lib/postgresql/data
+    restart: always
+  kasm_redis:
+    container_name: kasm_redis
+    command: ["sh", "-c", "redis-server --requirepass $${REDIS_PASSWORD}"]
+    user: "${KASM_UID?}:${KASM_GID?}"
+    image: redis:5-alpine
+    restart: always
+    ports:
+      - "6379:6379"
+    networks:
+      - kasm_default_network
+    environment:
+      REDIS_PASSWORD: changeme
+    restart: always
+  kasm_api:
+    container_name: kasm_api
+    user: "${KASM_UID?}:${KASM_GID?}"
+    image: "kasmweb/api:1.6.0"
+    ports:
+      - "8080"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0:/opt/kasm/current
+    depends_on:
+      - db
+    restart: always
+  kasm_manager:
+    container_name: kasm_manager
+    user: "${KASM_UID?}:${KASM_GID?}"
+    image: "kasmweb/manager:1.6.0"
+    ports:
+      - "8181"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0:/opt/kasm/current
+    depends_on:
+      - db
+    restart: always
+  kasm_agent:
+    container_name: kasm_agent
+    user: root
+    image: "kasmweb/agent:1.6.0"
+    ports:
+      - "4444"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0:/opt/kasm/current
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /usr/bin/docker:/usr/bin/docker
+      - /opt/kasm/1.6.0/conf/nginx:/etc/nginx/conf.d
+    depends_on:
+      - kasm_manager
+    restart: always
+  kasm_share:
+    container_name: kasm_share
+    user: root
+    image: "kasmweb/share:1.6.0"
+    ports:
+      - "8182"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0:/opt/kasm/current
+    restart: always
+    depends_on:
+      - db
+      - kasm_redis
+  proxy:
+    container_name: kasm_proxy
+    image: "nginx:alpine"
+    ports:
+      - "443:443"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0/conf/nginx:/etc/nginx/conf.d:ro
+      - /opt/kasm/1.6.0/certs/kasm_nginx.key:/etc/ssl/private/kasm_nginx.key
+      - /opt/kasm/1.6.0/certs/kasm_nginx.crt:/etc/ssl/certs/kasm_nginx.crt
+      - /opt/kasm/1.6.0/www:/srv/www:ro
+    depends_on:
+      - kasm_manager
+      - kasm_api
+      - kasm_agent
+      - kasm_share
+    restart: always
+volumes:
+  kasm_db_1.6.0:
+    external: true
+
+networks:
+  kasm_default_network:
+    external: true

docker/docker-compose-api.yaml

@@ -0,0 +1,42 @@
+version: '3'
+services:
+  kasm_api:
+    container_name: kasm_api
+    user: "${KASM_UID?}:${KASM_GID?}"
+    image: "kasmweb/api:1.6.0"
+    ports:
+      - "8080"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0:/opt/kasm/current
+    restart: always
+  proxy:
+    container_name: kasm_proxy
+    image: "nginx:alpine"
+    ports:
+      - "443:443"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0/conf/nginx:/etc/nginx/conf.d:ro
+      - /opt/kasm/1.6.0/certs/kasm_nginx.key:/etc/ssl/private/kasm_nginx.key
+      - /opt/kasm/1.6.0/certs/kasm_nginx.crt:/etc/ssl/certs/kasm_nginx.crt
+      - /opt/kasm/1.6.0/www:/srv/www:ro
+    depends_on:
+      - kasm_api
+    restart: always
+  kasm_share:
+    container_name: kasm_share
+    user: root
+    image: "kasmweb/share:1.6.0"
+    ports:
+      - "8182"
+    networks:
+      - kasm_default_network
+    volumes:
+      - /opt/kasm/1.6.0:/opt/kasm/current
+    restart: always
+networks:
+  kasm_default_network:
+    external: true