proxying requests for SPICE connection to vm?

Kosh

Dec 24, 2019
I have a working proxy
https://proxyprox-v001 -> https://cloud-v001:8006
I can reach the web interface of the desired server, but I need to proxy the connection to the VM via the SPICE protocol:
cv4pve-pepper.exe --host=proxyprox-v001 --username "$UserName@ldap_cloudp" --password $Password --vmid NAME-vm --viewer "$viewerPath"

I can't connect, but as soon as I specify the direct host as cloud-v001, everything starts working.
I thought that pveproxy is responsible for this and is on port 8006, or am I misunderstanding something?
 
Did you solve this? I am running into the same. My workaround was to forward port 3128 on my firewall to Proxmox, but that's an ugly hack. I basically need something to rewrite the SPICE config to point to the real server.
 
I solved my main problem, blocking access to the Proxmox web interface, using haproxy:

Code:
# /etc/haproxy/haproxy.cfg

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon


defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5s
    timeout client 20d
    timeout server 20d
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http


# ============= TCP FRONTENDS =============

# ---  SPICE (5901) ---
frontend spice_5901
    bind *:5901
    mode tcp
    option tcplog
    default_backend spice_backend

backend spice_backend
    mode tcp
    balance leastconn
    server cloud-v001 cloud-v001.example.com:5901 check


# --- port 3128 ---
frontend port_3128
    bind *:3128
    mode tcp
    option tcplog
    default_backend port3128_backend

backend port3128_backend
    mode tcp
    server cloud-v001 cloud-v001.example.com:3128 check


# ============= HTTPS FRONTEND: API + WEB (filtering) =============

frontend pve_8006
    bind *:8006 ssl crt /etc/haproxy/proxyprox.pem
    mode http
    option httplog

    # === ACL: API requests only ===
    acl is_api path_beg /api2/json
    acl is_api_version path /api2/json/version
    acl is_api_login path /api2/json/access/ticket

    # === Block everything except the API ===
    http-request deny if !is_api !is_api_login

    # === Route allowed requests to the backend ===
    use_backend pve_backend if is_api || is_api_login

# Backend Proxmox VE (API)
# "ssl verify none": TLS to the backend, but its certificate is not validated
backend pve_backend
    mode http
    balance leastconn
    server cloud-v018 cloud-v018.example.com:8006 check ssl verify none
 
https://github.com/Corsinvest/cv4pve-pepper?tab=readme-ov-file#custom-proxy-configuration
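
The rewrite asked for earlier in the thread (pointing the SPICE config's proxy entry somewhere else), as an added example that is not from any poster or from cv4pve-pepper. It assumes the connection file is the INI-style `.vv` file read by remote-viewer, with a `proxy=` key under `[virt-viewer]`, and that the haproxy frontend on port 3128 is reachable as `proxyprox-v001`; the function name, the allowlist parameter and the sample file are constructed for illustration.

```python
from urllib.parse import urlsplit


def rewrite_spice_proxy(vv_text, public_proxy, expected_nodes):
    """Return vv_text with proxy= pointed at public_proxy.

    expected_nodes: internal host names the original proxy= may name
    (hypothetical allowlist); any other host is rejected rather than
    silently rewritten.
    """
    new = urlsplit(public_proxy)
    if new.scheme != "http" or not new.hostname or new.port is None:
        raise ValueError("public_proxy must look like http://host:port")

    out, section, replaced = [], None, False
    for line in vv_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
        elif section == "virt-viewer" and "=" in stripped:
            key, _, value = stripped.partition("=")
            if key.strip() == "proxy":
                old = urlsplit(value.strip())
                if old.hostname not in expected_nodes:
                    raise ValueError(f"unexpected proxy host: {old.hostname!r}")
                line, replaced = f"proxy={public_proxy}", True
        out.append(line)  # every other key (ticket, password, CA) is kept as-is
    if not replaced:
        raise ValueError("no proxy= key in [virt-viewer] section")
    return "\n".join(out) + "\n"


# Constructed sample, shaped like a remote-viewer connection file.
SAMPLE_VV = """[virt-viewer]
type=spice
title=VM 100 - NAME-vm
host=pvespiceproxy:PLACEHOLDER-TICKET
proxy=http://cloud-v001.example.com:3128
tls-port=61000
password=PLACEHOLDER-ONE-TIME-PASSWORD
delete-this-file=1
"""

if __name__ == "__main__":
    print(rewrite_spice_proxy(SAMPLE_VV, "http://proxyprox-v001:3128",
                              {"cloud-v001.example.com"}))
```

The file still carries the one-time SPICE password, so the rewritten copy should be handled like the original and deleted after use.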