[SOLVED] Can't access consoles when accessing from the web

[FiltroMan]

*** TL;DR BELOW ***

Hi there,

After quite a few weeks of thinking about it, I finally pulled the plug and bought a domainfor myself so that I could finally start implementing and understanding a more realistic use case for all my LXCs and VMs: shame on me for waiting too long. Now, using Nginx (in LXC) I'm able to access my Proxmox interface from the web using the address "proxmox.mydomain.com" with SSL encryption and everything but, weirdly enough, whenever I try to open a console I always get the same error as below:

Where the console is supposed to be, I briefly get the translucent banner that says "Connecting" and then goes straight to "undefined (Code:1006)", whilst in the log I get this message

TASK ERROR: command '/usr/bin/termproxy 5900 --path /vms/100 --perm VM.Console -- /usr/bin/dtach -A /var/run/dtach/vzctlconsole100 -r winch -z lxc-console -n 100 -e -1' failed: exit code 1

I added the hostname in the hosts section of the GUI and I'm using the root account, and I only get this issue when accessing through the URL specified above, regardless of the device using to access it being on my LAN or not, if I access my Proxmox instance via it's IP I get the certificate error but everything works flawlessly.

At this point in time is not that big of a deal, but I'd like to know why is it behaving like that, because it's definitely something I misconfigured or forgot to configure entirely lol

TL;DR - If I access my Proxmox instance through it's IP I can access all the consoles, if I do it from my domain URL "proxmox.mydomain.com" I get an error

Many thanks for your support folks!

 

[CalebSnell]

Does proxmox.mydomain.com use a different IP than you would use than if you connected directly? As in, does it use your public IP and you port forward on your home router to make it work?

If you port forward, have you made sure that you also have port 5900 forwarded to the appropriate container? I've run into that same error when I first setup remote access since I only forwarded and allowed 8006 through my firewall.

 

[FiltroMan]

Does proxmox.mydomain.com use a different IP than you would use than if you connected directly? As in, does it use your public IP and you port forward on your home router to make it work?

If you port forward, have you made sure that you also have port 5900 forwarded to the appropriate container? I've run into that same error when I first setup remote access since I only forwarded and allowed 8006 through my firewall.

Perhaps it's better if I go through every step going from the domain to what actually happens, as I use Nginx and I've only forwarded ports 80 and 443 through my router

1) Google domains with a CNAME record as "proxmox.mydomain.com" pointing to my FritzBox's DNS
2) Nginx set up to forward "proxmox.mydomain.com" to the local IP address and port 8006

Ideally, I would like access to my Proxmox instance and launch any consoles I want, perhaps I'm missing something on Nginx's side?

 

[CalebSnell]

Yeah, I would think you just need to do the same thing you already did on the Nginx side but w/ port 5006 5900 and the IP of the VM/container in question in addition to the Proxmox hosts IP and port 8006. I don't know much about those specific services though, so maybe it's only capable of doing the one port.

 

[FiltroMan]

So, you're suggesting to just update the Nginx proxy host and having it forward to port 5900 instead of 8006 as it currently stands?

I'll give it a shot and will update the thread.

 

[FiltroMan]

*** SOLUTION ***

After checking Proxmox's documentation regarding the ports being used (here) I noticed that the VNC web console is indeed using port range 5900-5999, but that's also leaning on using websockets. Leaving the Nginx entry still to forward to port 8006 for the web GUI and enabling websockets did the trick! Thanks a lot for the input @CalebSnell

 

[petemir]

*** SOLUTION ***

After checking Proxmox's documentation regarding the ports being used (here) I noticed that the VNC web console is indeed using port range 5900-5999, but that's also leaning on using websockets. Leaving the Nginx entry still to forward to port 8006 for the web GUI and enabling websockets did the trick! Thanks a lot for the input @CalebSnell

Hello,

Glad to hear you have solved it. Do you mind sharing how you enabled websockets in the nginx configuration? I am not sure how to do it without overriding the forwarding to port 8006. Thanks.

 

[FiltroMan]

Hello,

Glad to hear you have solved it. Do you mind sharing how you enabled websockets in the nginx configuration? I am not sure how to do it without overriding the forwarding to port 8006. Thanks.

Hi,

Actually I have just left everything as it was already in Nginx Proxy Manager web interface you can find at its IP:81 and just ticked the box to enable websockets. I manage everything through the web GUI, so I would genuinely have no clue how it would be set up in the config file, but ticking the box whilst still forwarding my domain name to port 8006 did the trick.

 

[petemir]

Hi,

Actually I have just left everything as it was already in Nginx Proxy Manager web interface you can find at its IP:81 and just ticked the box to enable websockets. I manage everything through the web GUI, so I would genuinely have no clue how it would be set up in the config file, but ticking the box whilst still forwarding my domain name to port 8006 did the trick.

View attachment 54908

That's ok, thanks! In the end I use nix-os so in this case it was only setting "proxyWebsockets = true" in the config block for the location "/" for the site .

 

[Xalen]

putting this for anyone here who is using the nginx config file and happens to find this thread, you need the additional lines so your config file should be as follows for proxmox:


server{ listen 443 ssl http2; ssl_certificate /etc/nginx/ssl/mydomaincert.crt; ssl_certificate_key /etc/nginx/ssl/myprivatekey.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; # server name can be whatever you want it to be, ideally stick with something.local to prevent conflict with real web addresses server_name proxmox.local; location / { proxy_pass "put local ipv4 of proxmox web ui inside these quotations"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Ssl on; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; } }

I do not know if you need all those additional lines, but after adding them and running sudo nginx -s reload, I could access the consoles for my containers from proxbox.proxmox, change the addresses to fit your local ip obviously. This is also assuming one has set up their ssl certificate as well.

 

[thiarneves]

*** SOLUTION ***

After checking Proxmox's documentation regarding the ports being used (here) I noticed that the VNC web console is indeed using port range 5900-5999, but that's also leaning on using websockets. Leaving the Nginx entry still to forward to port 8006 for the web GUI and enabling websockets did the trick! Thanks a lot for the input @CalebSnell

It solved like magic, tks!