Proxmox VE 3.0 - How change default web interface port ?

Rokin

New Member
May 18, 2013
2
0
1
France
Hi,

Before upgrading my master server to Proxmox VE 3.0 i look how change the ports 8006 for another but i not found.
I have see a hardcoder port in /usr/bin/pveproxy file but not sur if is here.

how can modify this ?

thank you and sorry for my bad english :x
 
Hi
I have Varnish in a VM, but this is not really the solution I'm looking for.
I have try to modify port in /usr/bin/pveproxy and it's work (not seen error in log), but I do not know if this is consilller.
 
It's been almost a year since this thread was started, and still, there seem to be no way to reliably change the default pveproxy port without changing it in the executable itself - which is overwritten with every pveproxy update.
I'd like to hear from developers - is it really that hard to define a web-interface port in a configuration file, that does not get overwritten?
 
Code:
# dpkg -S pveproxy
pve-manager: /var/log/pveproxy
pve-manager: /usr/share/man/man1/pveproxy.1.gz
pve-manager: /usr/bin/pveproxy
pve-manager: /etc/init.d/pveproxy

Hence we need to compile the pve-manager with our defaults and install from our local repo and / or blacklist it from being installed from the pve repos.

Any reason for not making it configurable and remaining easily guessable (promotes hacking by brute force on reduced target space)?
 
Last edited:
Code:
# dpkg -S pveproxy
pve-manager: /var/log/pveproxy
pve-manager: /usr/share/man/man1/pveproxy.1.gz
pve-manager: /usr/bin/pveproxy
pve-manager: /etc/init.d/pveproxy

Hence we need to compile the pve-manager with our defaults and install from our local repo and / or blacklist it from being installed from the pve repos.

Any reason for not making it configurable and remaining easily guessable (promotes hacking by brute force on reduced target space)?

You cannot prevent hackers by just changing the port, there are a lot of others - by way more useful - ways to prevent this.

Of course, our devs can implement this but honestly, this is just a quite useless feature for 99,99% of our user base, therefore I guess its not on the highest priority.
 
You cannot prevent hackers by just changing the port, there are a lot of others - by way more useful - ways to prevent this.

Of course, our devs can implement this but honestly, this is just a quite useless feature for 99,99% of our user base, therefore I guess its not on the highest priority.

I did not state that it will prevent hacking, only that it reduces the time to hack due to reduced target permutations to brute force. Just provided ways to accommodate it for anyone with sufficient programming knowledge to do it in the absence of "devs" interest / priority in getting it done.

Thankyou for stating the devs interest in this feature. Just do a poll on the vote for this feature and see if it is anywhere near 99.9% negative.
 
Hacking isnt the only reason why you may want to change it. I must change it, because all ports accept 80 and 443 are blocked from my company network.

By the way, there are 2 Ways to change the Port.
For me, I prefer the first one.

1.
iptabels:
Code:
iptables -t nat -I PREROUTING --src 0/0 --dst "YourIPAdress/DNSName"  -p tcp --dport 443 -j REDIRECT --to-ports 8006
You can also set a specific network card with "-i eth0" instad of "--src" or a specific source IP or a range within "--src"




2. : https://thomasmuguet.info/notes-201...vironment-changing-port-of-web-interface.html

This gets lost when a new version of pveproxy is installed, so this operation needs to be done after every update of proxmox...

So 2. is a bad solution.
 
Last edited:
  • Like
Reactions: Rei
I'm struggling to get the iptables method to commit properly and if the server reboots, the settings are lost.
What am I missing?
 
+1 for making it an option or documenting where to change.

Of course, our devs can implement this but honestly, this is just a quite useless feature for 99,99% of our user base, therefore I guess its not on the highest priority.


I'd like to add myself to the list of the 00.01% who want this as a definable. It's a PITA not being able to define it easily and there are lots of situations where people in "real" environments would like this as an option. I would agree 99.99% of home users wouldn't care.

greg
 
Well for example i would like my panel to go throught cloudflare i guess i have to use nginx to proxy the request firstly?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!