Reverse Proxy Proxmox VNC With Nginx

Reverse Proxy Proxmox VNC With Nginx

Get Social!

proxmox logo gradThe noVNC console in the Proxmox Web GUI transfers it’s data through a technology called Websockets. Websockets often work in tandem with normal HTTP traffic and therefore often use the same end point (IP and port). Proxmox uses port 8006 by default for all web traffic; this includes the Web GUI you see and a websockets stream for the VNC console.

If you don’t already have Nginx set up, see my other post on How to reverse proxy the Proxmox Web GUI.

You’ll also need one of the more recent versions of Nginx for this to work.

If you use Nginx to reverse proxy your Proxmox Web GUI already, making it websocket compatible is very easy. In fact, it’s as easy as adding three additional lines to your Nginx config file for the location tag that serves your Proxmox Web GUI.

Open up your sites-available config file for your Proxmox site with a text editor:

vi /etc/nginx/sites-available/proxmox.jamescoyle.net

Find the location tag for your site and add the following:

proxy_http_version 1.1;                                                           proxy_set_header Upgrade $http_upgrade;                                           proxy_set_header Connection "upgrade";

The resulting site should look similar to the below:

upstream proxmox {
    server 10.10.10.10;
}
 
server {
    listen 80 default_server;
    rewrite ^(.*) https://$host$1 permanent;
}
 
server {
    listen 443;
    server_name _;
    ssl on;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    proxy_redirect off;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade"; 
        proxy_pass https://proxmox:8006;
    }
}

 


6 Comments

Bob

29-Mar-2016 at 12:31 am

Do you know of a way to do this when you’re not passing the root of the server to the proxy, but instead something like https://domain.com/proxmox ?

It appears that proxmox assumes it’s at the root of the domain, and as such looks for some CSS and the like, causing 404’s galore.

    james.coyle

    29-Mar-2016 at 7:50 am

    There are ways to get this working, but it’s tricky. The issue is that, as you say, things like images and CSS are usually hard coded to the base URL.
    Take a look at mod_rewrite and mod_proxy_html.

Robert

19-Jul-2016 at 3:35 pm

With your howto I’ve found the right way to make the Proxmox admin site available without having access to port 8006.
It worked perfect for me until today when I was playing with my first LCX container vm.
The console of this system is accessible like normal, but after a few (10 – 12 key strokes) the console seems to be blocked. A reload gives me another 10 – 12 key strokes and then it gets blocked again.
Direct access (without nginx reverse proxy) still works.
Any ideas?

Yannis

11-Oct-2016 at 10:52 pm

Hi James,

Thanks for this it was very useful. Quick question, is it possible to make it work with SPICE too?

Thanks

    james.coyle

    11-Oct-2016 at 11:13 pm

    Hey, I haven’t tried is the truth of it – you could try, but you’d need to use a different port as SPICE works on 3128.

Eric

23-Mar-2021 at 10:25 am

Thanks a lot !
Before finding your page I erred in https://bugzilla.proxmox.com/show_bug.cgi?id=1684 but your solution is much simpler to me.
Debian buster/nginx 1.14.2/novnc 1.0.0-1/TigerVNC 1.9.0

Leave a Reply

Visit our advertisers

Quick Poll

Do you use GlusterFS in your workplace?

Visit our advertisers