20 KiB
desktop.resolution.width, desktop.resolution.height
Set a fixed desktop resolution. Set desktop.allow_resize to false for
this to work.
Unit: pixels
Default: 1024x768
desktop.allow_resize
If turned on, resizing browser window changes desktop resolution to fit the window.
Set to false to have a fixed resolution (you need to set
desktop.resolution.width and
desktop.resolution.heigh).
Unit: boolean
Default: true
desktop.pixel_depth
Pixel depth in bits. Possible values are 16, 24, 32. These values are fail-safe. You can specify any bit value via command-line.
Unit: bits
Default: 24
network.protocol
With KasmVNC, you can use a web browser client (set value to http) or a
traditional VNC client (set value to vnc).
If you use vnc protocol, you're on your own. Passing Xvnc options via
command-line is required in this case. Most config settings are ignored.
Unit: http, vnc
Default: http
network.interface
IP address or host name to listen on. Set to 0.0.0.0 to listen on all network
interfaces.
Unit: ip address or host name
Default: 0.0.0.0
network.websocket_port
Listen for websocket connections on this port. auto translates to 8443 + X
display number.
Unit: integer
Default: auto
network.use_ipv4
Use IPv4 for incoming and outgoing connections.
Unit: boolean
Default: true
network.use_ipv6
Use IPv6 for incoming and outgoing connections.
Unit: boolean
Default: true
network.udp.public_ip
KasmVNC server needs to know its IP from the perspective of the client. With auto,
it finds that out automatically (by using a public STUN server).
If the server and client are on the same private network, and not connected to internet, you need to specify a private IP address of the server, accessible to the client.
Unit: IP address, auto.
Default: auto
network.udp.port
Set UDP port to use. With auto,
value is inherited from network.websocket_port.
Unit: auto, integer
Default: auto
network.ssl.pem_certificate
SSL pem certificate to use for websocket connections.
Unit: path
Default: standard snake oil certificate on Debian-based distros. Auto-generated
on Fedora-based distros.
network.ssl.pem_key
SSL pem key to use for websocket connections. If you have private and public keys in one file, using network.ssl.pem_certificate is enough to set both.
Unit: path
Default: standard snake oil certificate on Debian-based distros. Auto-generated
on Fedora-based distros.
network.ssl.require_ssl
Require SSL for websocket connections.
Unit: boolean
Default: true
user_session.session_type
shared- allow multiple sessions for a single desktop.exclusive- only one user session can work with the desktop.
If set, overrides client settings.
When combined with concurrent_connections_prompt , the user is asked to let the incoming connection in.
Unit: shared, exclusive
Default: not set, client settings are used
user_session.new_session_disconnects_existing_exclusive_session
Only applies if session_type is set to
exclusive. The user working with the desktop is kicked out by a new session.
New session takes over the desktop.
When combined with concurrent_connections_prompt, the user is asked to confirm session takeover.
Unit: boolean
Default: false
user_session.concurrent_connections_prompt
Prompts the user of the desktop to explicitly accept or reject incoming connections.
The vncconfig(1) program must be running on the desktop.
Unit: boolean
Default: false
user_session.concurrent_connections_prompt_timeout
Active only if concurrent_connections_prompt, is turned on.
Number of seconds to show the Accept Connection dialog before rejecting the connection.
Unit: seconds
Default: 10
user_session.idle_timeout
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
The number of seconds after which an idle session is dropped.
Unit: seconds
Default: never
keyboard.remap_keys
Set up 1-to-1 character replacement. For example, to exchange the " and @
symbols you would specify the following: 0x22->0x40. Similar to tr(1).
Unit: hex numbers in the format <from_character>-><to_character>
Default: not set
keyboard.ignore_numlock
-- TODO
Key affected by NumLock often require a fake Shift to be inserted in order for the correct symbol to be generated. Turning on this setting avoids these extra fake Shift events but may result in a slightly different symbol (for example, a Return instead of a keypad Enter).
Unit: boolean
Default: false
keyboard.raw_keyboard
Send keyboard events straight through and avoid mapping them to the current keyboard layout. This effectively makes the keyboard behave according to the layout configured on the server instead of the layout configured on the client.
Unit: boolean
Default: false
pointer.enabled
Allows clicks from mice, trackpads, etc.
Unit: boolean
Default: true
runtime_configuration.allow_client_to_override_kasm_server_settings
KasmVNC exposes a few settings to the client the standard VNC does not. You can let the client override these settings or forbid overriding.
Unit: boolean
Default: true
runtime_configuration.allow_override_standard_vnc_server_settings
If turned on, VNC settings defined in runtime_configuration.allow_override_list can be changed at runtime.
Unit: boolean
Default: true
runtime_configuration.allow_override_list
You can modify listed settings at runtime. Settings can be modified, for example, using vncconfig(1) program from inside a running session.
The list must contain absolute config keys like
pointer.enable. To actually change
pointer.enable, you need to pass the corresponding
command-line option AcceptPointerEvents to vncconfig(1).
Unit: list of absolute config keys
Default:
pointer.enabled
data_loss_prevention.clipboard.server_to_client.enabled
data_loss_prevention.clipboard.client_to_server.enabled
data_loss_prevention.clipboard.server_to_client.primary_clipboard_enabled
logging.log_writer_name
Log all subsystems of KasmVNC by setting to all. To log a specific subsystem,
consult source code for LogWriter instances. For example, static LogWriter vlog("STrayIcon");. STrayIcon is the log writer name here.
Unit: all, <log writer name found in source code>
Default: all
logging.log_dest
Log to the instance's log file in ~/.vnc, or syslog.
Unit: logfile, syslog
Default: logfile
logging.level
Logging verbosity level. Can be in the 0..100 range. 100 meaning most verbose output, 0 meaning most concise.
Unit: integer in the 0..100 range
Default: 30
security.brute_force_protection.blacklist_threshold
The number of unauthenticated connection attempts allowed from any individual host before that host is black-listed.
Unit: integer
Default: 5
security.brute_force_protection.blacklist_timeout
The initial timeout applied when a host is first black-listed by failing to authenticate blacklist_threshold times. The host cannot re-attempt a connection until the timeout expires.
Unit: seconds
Default: 10
data_loss_prevention.visible_region.top, data_loss_prevention.visible_region.left, data_loss_prevention.visible_region.right, data_loss_prevention.visible_region.bottom
The regions feature allows you to select a region of the screen to render to the user. Concealed portions of the screen are blacked out.
Absolute coordinates
Select a region using pixels:
top: 10
left: 10
right: 40
bottom: 40
Offset coordinates
Use negative numbers to offset from the screen boundary. For left and top,
this means 0 plus the provided number. In the below example that would be 10.
For right and bottom, that means the maximum horizontal or vertical
resolution minus the provided number.
If the resolution was 1080x720 in the below example that would equate to a
right of 1070 and bottom of 710. Therefore, the example below would be
translated to 10, 10, 1070, 710. Using offset coordinates has an advantage of
scaling with screen size changes versus using absolute values.
Select a region using pixel offsets:
top: -10
left: -10
right: -10
bottom: -10
You can combine absolute values with offset values, such as the following example:
top: 50
left: 10
right: -10
bottom: -10
Percentages
Regions does support percent values, which are evaluated as a border that is a percent of the total width and height respectively. Regions does not support mixing percent values and absolute or offset values.
For example:
top: 10%
left: 10%
right: 20%
bottom: 20%
Unit: pixels, offset pixels, percentages
Default: not set
data_loss_prevention.visible_region.concealed_region.allow_click_down
Allow mouse button down events within the concealed regions, by default they are blocked.
Unit: boolean
Default: false
data_loss_prevention.visible_region.concealed_region.allow_click_release
Allow mouse button releases within the concealed regions, by default they are blocked until the cursor returns to the visible region.
Unit: boolean
Default: false
data_loss_prevention.clipboard.delay_between_operations
This many milliseconds must pass between clipboard actions.
Unit: milliseconds, none
Default: none
data_loss_prevention.clipboard.allow_mimetypes
Allowed binary clipboard mimetypes.
Unit: mimetype
Default:
chromium/x-web-custom-data
text/html
image/png`
data_loss_prevention.clipboard.server_to_client.enabled
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
Whether to send desktop clipboard changes to clients.
Unit: boolean
Default: false
data_loss_prevention.clipboard.server_to_client.size
Limit clipboard bytes to send to clients in one transaction.
Unit: number of bytes, unlimited
Default: unlimited
data_loss_prevention.clipboard.server_to_client.primary_clipboard_enabled
Send the primary selection to the client. Meaning, mouse-selected text is copied to clipboard. Only works in Chromium-based browsers.
Unit: boolean
Default: false
data_loss_prevention.clipboard.client_to_server.enabled
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
Accept clipboard updates from clients.
Unit: boolean
Default: false
data_loss_prevention.clipboard.client_to_server.size
Limit clipboard bytes to receive from clients in one transaction.
Unit: number of bytes, unlimited
Default: unlimited
data_loss_prevention.keyboard.enabled
Accept key press and release events from clients.
Unit: boolean
Default: true
data_loss_prevention.keyboard.rate_limit
Reject keyboard presses over this many per second.
Unit: integer, unlimited
Default: unlimited
data_loss_prevention.logging.level
Log clipboard and keyboard actions. info logs just clipboard direction and
size, verbose adds the contents for both.
Unit: off, info, verbose
Default: off
encoding.max_frame_rate
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
The maximum number of updates per second sent to clients. If the screen updates any faster then those changes are aggregated and sent in a single update to the client. Note that this only controls the maximum rate and a client may get a lower rate when resources are limited.
Unit: integer
Default: 60
encoding.full_frame_updates
KasmVNC cuts the screen up into smaller rectangles and only sends sections of the screen that change. When using UDP, some rectangles can be dropped, so this option forces a full screen update every X frames.
Unit: none, positive integer
Default: none
encoding.rect_encoding_mode.min_quality
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
The minimum quality setting for JPEG/WEBP encoding. Rendering automatically degrades JPEG quality when there is a lot of motion in a particular block. This setting controls the minimum quality to use when there is a high degree of change. The accepted values are 0..9 where 0 is low and 9 is high.
Unit: integer in the 0..9 range
Default: 7
encoding.rect_encoding_mode.max_quality
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
The maximum quality setting for JPEG/WEBP encoding. Rendering automatically degrades JPEG quality when there is a lot of motion in a particular block. This setting controls the maximum quality to use when there is no or little motion. The accepted values are 0..9 where 0 is low and 9 is high.
Unit: integer in the 0..9 range
Default: 8
encoding.rect_encoding_mode.consider_lossless_quality
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
KasmVNC dynamically adjusts the JPEG/WEBP quality based on how much change
there is in a particular section. Every x number of frames it sends a
'lossless' update. That way, if you are scrolling, the text blurs a little while
you scroll but as soon as you stop, it should clear up on the next lossless
update. consider_lossless_quality means "treat this quality as lossless."
Assuming the min quality of 3, the max of 7 and treat lossless of 5. KasmVNC
would constantly adjust the quality of images sent anywhere from 3 to 7
depending on the rate of change. If the last rectangle sent was at 5 then it
would not send a lossless update for that part of the screen.
Unit: integer in the 0..10 range
Default: 10
encoding.rect_encoding_mode.rectangle_compress_threads
Use this many threads to compress rectangles in parallel. auto sets threads to
match the core count.
Unit: integer, auto.
Default: auto
encoding.video_encoding_mode.jpeg_quality
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
The JPEG quality to use when in video mode. The accepted values are 0..9 where 0 is low and 9 is high. A value of -1 keeps the quality level used in normal mode.
Unit: integer in the -1..9 range
Default: -1
encoding.video_encoding_mode.webp_quality
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
The WEBP quality to use when in video mode. The accepted values are 0..9 where 0 is low and 9 is high. A value of -1 keeps the quality level used in normal mode.
Unit: integer in the -1..9 range
Default: -1
encoding.video_encoding_mode.max_resolution.width, encoding.video_encoding_mode.max_resolution.height
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
When in Video Mode, downscale the screen to this maximum size. Keeps aspect ratio with client's actual resolution.
Unit: pixels
Default: 1920x1080
encoding.video_encoding_mode.enter_video_encoding_mode.time_threshold
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
Number of seconds that a high rate of change most occur before switching to video mode. Setting to 0 forces Video Mode at all times.
Unit: seconds
Default: 5
encoding.video_encoding_mode.enter_video_encoding_mode.area_threshold
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
The percent of the screen that must be seeing high rates of change to meet the threshold of Video Mode. This percentage of the screen must see rapid changes for the amount of time specified by encoding.video_encoding_mode.enter_video_encoding_mode.time_threshold.
Unit: percentage of screen
Default: 45%
encoding.video_encoding_mode.exit_video_encoding_mode.time_threshold
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
When in Video Mode, high rates of change must subside for this many seconds before dropping out of video mode.
Unit: seconds
Default: 3
encoding.video_encoding_mode.logging.level
Print the detected video area % value. This is useful when trying to tune your settings for your particular use case.
Unit: info, off
Default: off
encoding.video_encoding_mode.scaling_algorithm
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
The scaling method to use in video mode.
Unit: nearest, bilinear, progressive_bilinear
Default: progressive_bilinear
encoding.compare_framebuffer
Perform pixel comparison on frame buffer to reduce unnecessary updates.
Unit: off, always, auto
Default: auto
encoding.zrle_zlib_level
⚠️ This setting only applies, when allow_client_to_override_kasm_server_settings is turned off.
Zlib compression level for ZRLE encoding (it does not affect Tight encoding).
Acceptable values are between 0..9. Set to auto to use the standard
compression level provided by the zlib(3) compression library.
Unit: integer in the 0..9 range, auto
Default: auto
encoding.hextile_improved_compression
Use improved compression algorithm for Hextile encoding which achieves better compression ratios by the cost of using slightly more CPU time.
Unit: boolean
Default: true
server.advanced.x_font_path
Specify X font path.
Unit: path, auto
Default: auto
server.advanced.httpd_directory
Run a mini-HTTP server which serves files from the given directory. Normally the directory contains the kasmweb client.
Unit: path
Default: /usr/share/kasmvnc/www
server.advanced.kasm_password_file
Password file for Basic authentication, created with the kasmvncpasswd(1)
utility.
Unit: path
Default: ${HOME}/.kasmpasswd
server.advanced.x_authority_file
Set to X authority file. X authority file stores credentials in cookies used by
xauth(1) for authentication of X sessions.
auto means using file defined in $XAUTHORITY environment variable. If the
variable isn't defined, fallback to using ${HOME}/.Xauthority file.
Unit: path
Default: auto
server.auto_shutdown.no_user_session_timeout
Terminate KasmVNC when no client has been connected for this many seconds.
Unit: seconds, never
Default: never
server.auto_shutdown.active_user_session_timeout
Terminate KasmVNC when a client has been connected for this many seconds.
Unit: seconds, never
Default: never
server.auto_shutdown.inactive_user_session_timeout
Terminate KasmVNC after this many seconds of user inactivity.
Unit: seconds, never
Default: never
command_line.prompt
Guide the user (by prompting), to ensure that KasmVNC is usable. For example, prompt to create a KasmVNC user if no users exist or no users can control the desktop.
Unit: boolean
Default: true