noVNC coonect to guest VM without portal

timur

New Member
Oct 1, 2014
6
0
1
Hello!

Can anybody explain me - it's possible connect to guest VM using browser without access to admin portal (https://blah-blah.com:8006).
I mean that client (%username%) must be access to him VM using http, https://blah-blah.com:5901, where blah-blah.com is proxmox 3.3-2 server and port 5901 is already mapped for specific VM?

It's work but only using client, like tigervnc. But I need check possible novnc connect.

Thanks!
 
Hi,

you need to use proxmox api, to generate a ticket and allow access to the vm.


So, I think it could be possible to have a novnc standalone and also some javascript inside it to call proxmox api, generate the ticket and then connect novnc.

(I'm not expert in javascript, I can't help for this)
 
Anyone found a solution to this? I've the same problem as timur, needing to log in user programmatically without exposing the proxmox GUI to the user.
 
Hello,
Proxmox supports that out of the box. No need to change the API.
You two guys can add me on Skype: henne.s

Best regards
Henry
 

I just wanted to point out that the link in question ISN'T working for anyone else because this runs on the same server as proxmox and thus setting cookies works perfectly - however as state elsewhere multiple times if you have your own web app/site/service you're screwed because cookies cannot be set cross-site and thus the cookie-based authentication method used by proxmox fails miserably precisely when you need it most. I'd be very happy to be corrected and proven wrong.

I think this could be fixed by simply adding to the api an entry point where you can post the cookie so that the cookie can be set server side by the proxmox api.
 
I think this could be fixed by simply adding to the api an entry point where you can post the cookie so that the cookie can be set server side by the proxmox api.

A cookie is just a simple html header, so you simply add that header to API commands ...
 
A cookie is just a simple html header, so you simply add that header to API commands ...

Thanks dietmar, I agree that API calls work just fine. Unfortunately that's not the issue here. The issue is opening the VM console URL using a standard link like

<a href="https://<proxmox-server-port>/?console=openvz&novnc=1&vmid=123&vmname=hostname&node=proxmox">open vm console</a>
which will not work as NoVNC will complain that there is no ticket. The reason is that the link lives in website A while the proxox server lives in server B, and no-one can set a *browser* cookie for server B besides the server B itself.

As timur implied, it would work if the user was logged in proxmox in server B as this would set the required browser cookie and clicking on the link would result in jumping on the proxmox server and finding the cookie already set.

Ergo, to achieve this it seems to me that we would either need a way to programmatically log in users via an api call or have an api that directly sets the browser cookie server side given some credentials as input.

The first option is probably the best as it would allow third party web apps to seamlessly integrate better with proxmox.
 
Last edited:
install Hamachi VPN and XRDP on your guests.... then you don't have to do anything with proxmox itself as the remote viewing is all handled by the guest VM.

Interesting, however this does not seem to be an option for us as we'd like console access to VMs regardless of what user might have installed on uninstalled in their VMs.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!