Reverse Proxy Proxmox VNC With Nginx
Category : How-to
The noVNC console in the Proxmox Web GUI transfers it’s data through a technology called Websockets. Websockets often work in tandem with normal HTTP traffic and therefore often use the same end point (IP and port). Proxmox uses port 8006 by default for all web traffic; this includes the Web GUI you see and a websockets stream for the VNC console.
If you don’t already have Nginx set up, see my other post on How to reverse proxy the Proxmox Web GUI.
You’ll also need one of the more recent versions of Nginx for this to work.
If you use Nginx to reverse proxy your Proxmox Web GUI already, making it websocket compatible is very easy. In fact, it’s as easy as adding three additional lines to your Nginx config file for the location tag that serves your Proxmox Web GUI.
Open up your sites-available config file for your Proxmox site with a text editor:
vi /etc/nginx/sites-available/proxmox.jamescoyle.net
Find the location tag for your site and add the following:
proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
The resulting site should look similar to the below:
upstream proxmox { server 10.10.10.10; } server { listen 80 default_server; rewrite ^(.*) https://$host$1 permanent; } server { listen 443; server_name _; ssl on; ssl_certificate /etc/nginx/ssl/cert.pem; ssl_certificate_key /etc/nginx/ssl/key.pem; proxy_redirect off; location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass https://proxmox:8006; } }
6 Comments
Bob
29-Mar-2016 at 12:31 amDo you know of a way to do this when you’re not passing the root of the server to the proxy, but instead something like https://domain.com/proxmox ?
It appears that proxmox assumes it’s at the root of the domain, and as such looks for some CSS and the like, causing 404’s galore.
james.coyle
29-Mar-2016 at 7:50 amThere are ways to get this working, but it’s tricky. The issue is that, as you say, things like images and CSS are usually hard coded to the base URL.
Take a look at mod_rewrite and mod_proxy_html.
Robert
19-Jul-2016 at 3:35 pmWith your howto I’ve found the right way to make the Proxmox admin site available without having access to port 8006.
It worked perfect for me until today when I was playing with my first LCX container vm.
The console of this system is accessible like normal, but after a few (10 – 12 key strokes) the console seems to be blocked. A reload gives me another 10 – 12 key strokes and then it gets blocked again.
Direct access (without nginx reverse proxy) still works.
Any ideas?
Yannis
11-Oct-2016 at 10:52 pmHi James,
Thanks for this it was very useful. Quick question, is it possible to make it work with SPICE too?
Thanks
james.coyle
11-Oct-2016 at 11:13 pmHey, I haven’t tried is the truth of it – you could try, but you’d need to use a different port as SPICE works on 3128.
Eric
23-Mar-2021 at 10:25 amThanks a lot !
Before finding your page I erred in https://bugzilla.proxmox.com/show_bug.cgi?id=1684 but your solution is much simpler to me.
Debian buster/nginx 1.14.2/novnc 1.0.0-1/TigerVNC 1.9.0