Unable to connect to PVE web console through reverse proxy

[Telperion]

I have an nginx reverse proxy running in an unprivileged container to access resources running in other containers / VM's with my 1 public IP. My nginx configuration is listed below. I can access the web interface, but I can't access the console on any of my VM's, containers, or host. I'm assuming this has to do with the reverse proxy configuration and VNC ports, but I'm unsure what port mapping I need to modify to make this work. I'd think that this is a pretty common setup.

(server and server_name are modified because the forum won't let me post 'links')

upstream pvehost {
        server 10.3.2.100:8006;
}

server {
        listen 80 http2;
        listen [::]:80 http2;
        server_name sub.domain.com;
        return 301 htt ps://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name sub.domain.com;
        ssl_certificate /etc/letsencrypt/certs/star_domain_me/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/certs/star_domain_me/privkey.pem;

        location / {
                proxy_pass htt ps://pvehost;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
        }
}

 

[Telperion]

Found a fix online, had to enable a websocket connection. Updated, working config:

upstream proxmoxhost {
        server localhost:8006;
}

server {
        listen 80 http2;
        listen [::]:80 http2;
        server_name proxmox.domain.com;
        return 301 htt ps://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name proxmox.domain.com;
        ssl_certificate /etc/dehydrated/certs/star_domain_com/fullchain.pem;
        ssl_certificate_key /etc/dehydrated/certs/star_domain_com/privkey.pem;

        location / {
                proxy_pass htt ps://proxmoxhost;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_http_version 1.1;
        }
}

 

[James Jeon]

Hi, so which part from the location is the websocket?
i have the same problem

 

[bythelake]

Telperion, thanks a bunch ... this worked for me and saved me some time. I added the following 2 lines from your example to my nginx config:

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

 

[mswedv]

i have a nginx reverse proxy (https://github.com/jc21/nginx-proxy-manager v2.9.8 ) which runs as lxc docker container at this proxmox node i want to redirect the web gui to.

my settings


Accessing the FQDN resulting in Error 503

Any Idear how to fix?

btw: my url via ip looks very odd, is that normal?

 

[dcsapak]

my settings

your scheme is http, should be https probably...

btw: my url via ip looks very odd, is that normal?

what looks odd?

 

[MysticalSam]

Same issue, any ideas.

on npm


on url: https://pve.home/

 

[dcsapak]

no idea sorry, i am not familiar with the proxy manager, was just a guess. but here is a guide for setting up a plain nginx: https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

 

[mswedv]

no idea sorry, i am not familiar with the proxy manager, was just a guess. but here is a guide for setting up a plain nginx: https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

This guide is how to set up nginx proxy at same host as proxmox. It's not the way i wanna go. I want to keep my host hypervisor untouched for this....

 

[firebowl]

I have a similar problem. I installed nginx reverse proxy in it's own lxc container. I can access the proxmox webinterface from outside my network via the reverse proxy. So far so good.
But I cannot access any service hosted in an other lxc container.
Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> proxmox host website
Not Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> adguard webinterface (lxc container 2)

 

[dcsapak]

This guide is how to set up nginx proxy at same host as proxmox. It's not the way i wanna go. I want to keep my host hypervisor untouched for this....

its just an nginx config, where you run it does not really matter (only that the ips, etc. are configured correctly)

I have a similar problem. I installed nginx reverse proxy in it's own lxc container. I can access the proxmox webinterface from outside my network via the reverse proxy. So far so good.
But I cannot access any service hosted in an other lxc container.
Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> proxmox host website
Not Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> adguard webinterface (lxc container 2)

this is not really the same issue, can you please open a new thread for a separate issue? (and please post more details, for example your network configs)